$5 Million Reward Offered After Indictment of North Korean Cyber Operatives
A federal court in St. Louis, Missouri, has indicted 14 nationals of the Democratic People’s Republic of Korea (DPRK) for a series of long-running conspiracies involving sanctions violations, wire fraud, money laundering, and identity theft. These individuals, employed by North Korean-controlled companies Yanbian Silverstar and Volasys Silverstar, operated out of the People’s Republic of China (PRC) and the Russian Federation, executing sophisticated schemes to fund the North Korean regime.
According to the U.S. Department of Justice (DOJ), the conspirators used false identities to secure remote IT jobs at U.S. companies and nonprofit organizations. These false identities included those of U.S. citizens and others, designed to mask their North Korean origins. By leveraging stolen, borrowed, or falsified credentials, they secured high-paying roles and generated over $88 million during the six-year scheme.
“To prop up its brutal regime, the North Korean government directs IT workers to gain employment through fraud, steal sensitive information from U.S. companies, and siphon money back to the DPRK,” said Deputy Attorney General Lisa Monaco. “This indictment of 14 North Korean nationals exposes their alleged sanctions evasion and should serve as a warning to companies around the globe — be on alert for this malicious activity by the DPRK regime.”
The DOJ revealed that these workers not only earned salaries but also engaged in extortion by stealing sensitive company data, such as proprietary source code, and threatening to leak it unless ransom payments were made. One employer suffered hundreds of thousands of dollars in damages after refusing to meet an extortion demand.
Assistant Attorney General Matthew G. Olsen of the Justice Department’s National Security Division highlighted the cybersecurity risks posed by these activities, stating, “This indictment and associated disruptions highlight the cybersecurity dangers associated with this threat, including theft of sensitive business information for the purposes of extortion.”
The conspirators channeled the proceeds of their operations through financial systems in the U.S. and PRC to accounts that ultimately benefited the North Korean government.
The indictment is part of a larger, ongoing effort by U.S. authorities to disrupt North Korea’s illicit revenue-generation activities. Previous actions include court-authorized seizures of approximately $2.3 million and 29 internet domains used to bolster false identities. The State Department has also announced a reward of up to $5 million for information on the companies and individuals involved in these schemes.
