U.S.: North Koreans posed as tech workers to fund weapons
WASHINGTON – Posing as Americans, North Korean technology workers secured remote work contracts with hundreds of U.S. companies as part of a scheme to help fund Pyongyang’s illicit nuclear weapons and missile programs, the U.S. government said on Thursday.
For three years, starting in October 2020, a U.S. national named Christina Chapman of Arizona helped three North Korean IT workers obtain “illicit telework employment” using the identities of U.S. citizens, earning about $6.8 million, the State Department said.
More than 300 U.S. companies were defrauded in the effort, the Justice Department said in a separate release, announcing charges against Chapman and other alleged co-conspirators.
“The charges describe a years’ long campaign by the North Korean government to infiltrate U.S. job markets through fraud in an effort to raise revenue for the North Korean government and its illicit nuclear program,” the Justice Department said.
The North Korean workers also tried and failed to gain employment with – and information from – two U.S. government agencies, according to the U.S. The workers are linked to North Korea’s ballistic missile, weapons production and research and development programs, the State Department said. The companies that hired the workers weren’t identified, nor were the agencies that didn’t hire them.
Chapman not only helped steal U.S. identities but ran a “laptop farm” by hosting computers issued by the U.S. companies on behalf of the North Korean workers, the Justice Department said, operating them from her home so that it looked like the North Korean workers were based in the U.S.
She also allegedly helped launder the proceeds with her own financial accounts by receiving, processing and distributing their paychecks, the department added. That resulted in U.S. companies filing false documentation to the Department of Homeland Security and false reports to the Internal Revenue Service.
The U.S. also charged Oleksandr Didenko of Kyiv, Ukraine, with engaging in a years-long effort to create accounts using false identities at U.S.-based freelance IT job search platforms and money service companies, according to the Justice Department. He ran a platform that allowed remote IT workers to “buy or rent accounts using identities other than their own on various platforms,” the department said.
Facing a raft of U.S. and United Nations sanctions for its nuclear weapons and ballistic missile programs, North Korea has turned to deploying IT workers overseas for government revenue, in addition to relying on cyberattacks and other online crimes, U.S. and South Korean officials previously told Bloomberg.
The in-demand workers can make as much as $300,000 a year working abroad, often working remotely through freelance platforms and using falsified or stolen identification, those officials said.
The U.S. State Department’s Rewards for Justice program is offering as much as $5 million for information that leads to the disruption of efforts to fund North Korea’s weapons program.
North Korea is also known to use fake job offers in order to trick U.S. employees into providing sensitive information.
The development comes after North Korean hackers for years have targeted American companies, launching ransomware attacks and conducting cryptocurrency thefts, as another way to raise money for weapons programs. Suspected North Korean hackers also stole slightly more than $1 billion in cryptocurrency last year, according to the blockchain analysis company Chainalysis Inc.
_____
(With assistance from Jeff Stone.)