Justice Department Unveils Fraud Scheme Involving North Korean IT Workers

The Justice Department disrupts a scheme using North Korean IT workers posing as U.S. citizens.

The Justice Department has unsealed charges, seizures, and other court-authorized actions to disrupt illicit revenue generation efforts by North Korea. The charges include prosecutions of several individuals involved in schemes to place North Korean IT workers in remote positions at U.S. companies under false identities.

According to court documents, thousands of skilled IT workers from North Korea used stolen or borrowed U.S. identities to infiltrate domestic companies’ networks, generating revenue for the North Korean government. Over 300 U.S. companies were defrauded using U.S. payment platforms and online job site accounts.

Two criminal prosecutions were unsealed by the U.S. Attorney’s Office for the District of Columbia. Two defendants have been arrested, and related seizures and search warrants have been executed across various jurisdictions. The investigations were led by the FBI Phoenix and New York Field Offices and IRS Criminal Investigations, coordinated with other FBI field offices and U.S. Attorney’s Offices, resulting in arrests in the United States and Poland.

Principal Deputy Assistant Attorney General Nicole M. Argentieri emphasized the importance of these charges as a wakeup call for American companies and government agencies employing remote IT workers. U.S. Attorney Matthew M. Graves highlighted the broad approach to attacking funding sources for North Korea.

Assistant Director Kevin Vorndran of the FBI’s Counterintelligence Division and FBI Special Agent in Charge Akil Davis of the Phoenix Field Office reiterated the national security implications of cybersecurity. IRS Criminal Investigation Acting Special Agent in Charge Carissa Messick and FBI Assistant Director Smith of the New York Field Office echoed the commitment to exposing and prosecuting criminal fraud schemes tied to North Korea.

An indictment was unsealed against U.S. citizen Christina Marie Chapman for her role in a scheme assisting overseas IT workers in obtaining remote positions at over 300 U.S. companies. Chapman allegedly ran a “laptop farm,” hosting computers for overseas workers to make it appear they were operating from the United States. The indictment also charged three foreign nationals with money laundering.

A separate criminal complaint was unsealed against Ukrainian national Oleksandr Didenko for his role in creating fake accounts and selling them to overseas IT workers. Didenko was arrested in Poland and is awaiting extradition to the United States.

The Justice Department also seized Didenko’s domain, upworksell.com, and executed search warrants for U.S.-based “laptop farms.” The FBI and IRS-CI Phoenix Field Office are investigating the cases, with assistance from other FBI field offices.

The FBI, along with the Departments of State and Treasury, issued advisories in May 2022 and October 2023 to alert about the North Korea IT worker threat.

The indictments and criminal complaints are merely allegations, and all defendants are presumed innocent until proven guilty in a court of law.

Source: Read Original Release

U.S. Charges Five in North Korea Cyber Scheme

U.S. authorities have charged five individuals, including an Arizona woman and four foreign nationals, with participating in schemes to fraudulently place overseas IT workers posing as U.S. citizens in remote positions at American companies, benefiting North Korea‘s government and nuclear program.