The United States Justice Department reports that North Korean nationals have been using fake identities to work remotely for US companies as IT professionals in a scheme to fund weapons of mass destruction programs. At a news conference in St. Louis, Missouri, the FBI alleged that thousands of individuals have moved to countries such as Russia and China and posed as freelance IT workers living in the US. Companies in St. Louis and around the US were targeted in this plot.
The bad actors used false information for emails, payment platforms and websites — sometimes paying Americans to use their Wi-Fi and setting up proxy computers. Along with funneling their income to North Korea's weapons programs, some workers also hacked their employers' computer networks to take private information and leave the possibility for other schemes, such as extortion.
Special Agent in Charge Jay Greenberg of the FBI St. Louis Division went so far as to say that any company that employs freelance IT workers "more than likely" hired one of these bad actors. "This scheme is so prevalent that companies must be vigilant to verify whom they're hiring," Greenberg stated. "At a minimum, the FBI recommends that employers take additional proactive steps with remote IT workers to make it harder for bad actors to hide their identities. Without due diligence, companies risk losing money or being compromised by insider threats they unknowingly invited inside their systems."
The FBI didn't disclose when they first learned of the plot or which businesses were impacted. However, the bureau first released a warning to the IT industry-focused scheme in May 2022. The FBI also collected about $1.5 million in money earned by these workers during previously sealed seizures in October 2022 and January 2023.