The U.S. Justice Division charged 5 people at the moment, a U.S. Citizen lady, a Ukrainian man, and three overseas nationals, for his or her involvement in cyber schemes that generated income for North Korea’s nuclear weapons program.
They had been allegedly concerned between October 2020 and October 2023 in a marketing campaign coordinated by the North Korean authorities “to infiltrate U.S. job markets through fraud in an effort to raise revenue for the North Korean government and its illicit nuclear program.”
Two of them, Christina Marie Chapman and Oleksandr Didenko, had been arrested on Might 15 in Litchfield Park, Arizona, and in Poland on Might 7, 2024, with the DOJ now looking for Didenko’s extradition to the US.
They had been each charged with conspiracy to defraud the US, aggravated identification theft, and conspiracy to commit cash laundering, wire fraud, identification fraud, and financial institution fraud.
Three different overseas nationals, identified solely by their aliases (Jiho Han, Haoran Xu, and Chunji Jin), had been additionally charged with conspiracy to commit cash laundering.
If convicted, Chapman faces a most of 97.5 years in jail, whereas Didenko’s most penalty can attain 67.5 years. Every of the John Does additionally faces a most penalty of 20 years.
“Chapman and her co-conspirators committed fraud and stole the identities of American citizens to enable individuals based overseas to pose as domestic, remote IT workers,” mentioned Nicole M. Argentieri, the top of the Justice Division’s Legal Division.
Immediately, the U.S. State Division introduced a reward of as much as $5 million for any data associated to Chapman’s co-conspirators, the North Korean IT employees charged at the moment, and their supervisor, solely referred to as Zhonghua.
North Koreans labored remotely by way of U.S. laptop computer farms
In response to the indictment, Chapman housed the North Korean IT employees’ computer systems in her own residence, making a “laptop farm” to make it seem as if her co-conspirators’ units had been in the US.
They had been employed as distant software program and software builders with a number of Fortune 500 corporations, together with an aerospace and protection firm, a serious tv community, a Silicon Valley expertise firm, and a high-profile firm.
They had been paid tens of millions for his or her work, and Chapman processed their paychecks from U.S. corporations by means of her monetary accounts.
Didenko additionally ran a web-based platform referred to as UpWorkSell (whose area was seized by the DOJ), knowingly offering providers to permit North Koreans to make use of false identities whereas looking for distant IT work positions.
“Didenko is alleged to have managed as many as approximately 871 proxy identities, provided proxy accounts for three freelance IT hiring platforms, and provided proxy accounts for three different money service transmitters,” the DOJ mentioned.
“In coordination with co-conspirators, Didenko facilitated the operation of at least three U.S.-based ‘laptop farms,’ hosting approximately 79 computers. Didenko sent or received $920,000 in U.S.D. payments since July 2018.”
Their scheme compromised over 60 U.S. identities and affected greater than 300 U.S. corporations. It additionally resulted in false tax liabilities for greater than 35 U.S. residents and generated not less than $6.8 million in income for abroad IT employees.
Immediately, the FBI additionally issued an advisory with extra data on how North Korea’s IT employees undermine the safety of corporations that rent them and steering on how you can spot North Korean IT employee schemes.
Beforehand, the US additionally printed joint advisories with overseas companions warning of North Korean IT employee schemes and sanctioned a number of organizations concerned in North Korea’s IT employee income technology schemes.
