Cybercrime
,
Fraud Management & Cybercrime
Justice Department Secures Guilty Pleas, $15M in Civil Forfeiture
U.S. federal prosecutors obtained five guilty pleas in cases that exposed how North Korean operatives used stolen and fabricated identities to secure remote tech jobs at U.S. companies. Court filings show the scheme generated more than $2.2 million for the regime and compromised the identities of at least 18 Americans.
See Also: OnDemand | North Korea’s Secret IT Army and How to Combat It
Officials said U.S. facilitators helped North Korean IT workers bypass hiring checks by supplying their own or stolen identities. They also hosted company-issued laptops in U.S. homes to make it appear the workers were logging in domestically (see: North Korea’s Hidden IT Workforce Exposed in New Report).
Prosecutors said the fraud affected more than 136 victim firms across finance, tech, healthcare and other sectors. The government said the vast majority of salary payments were then funneled offshore to IT workers tied to the Hermit Kingdom.
Assistant Attorney General for National Security John Eisenberg said in a statement that the pleas demonstrate a “comprehensive approach to disrupting North Korean efforts to finance their weapons program on the backs of Americans.”
In Georgia, three U.S. nationals admitted they supported the IT worker scam for years by posing for employer drug tests and installing unauthorized remote access software on company devices. One of the defendants, an active duty Army soldier at the time, earned more than $51,000 for the work.
In Washington, Ukrainian national Oleksandr Didenko pleaded guilty to identity theft and wire fraud after prosecutors said he sold stolen U.S. identities to overseas clients. He admitted to laundering hundreds of thousands of dollars and agreed to forfeit more than $1.4 million.
The crackdown efforts are part of a broader effort known as the “DPRK RevGen Domestic Enabler Initiative,” which targets U.S. based middlemen who help North Korean operatives generate revenue in violation of sanctions.
The announcement includes over $15 million in civil forfeiture actions against the regime that the department said were tied to four major crypto heists in 2023 that collectively siphoned hundreds of millions of dollars from virtual currency firms in Estonia, Panama and Seychelles. Investigators traced portions of those stolen assets through mixers, bridges and over the counter traders before freezing more than $15 million in USDT, a stablecoin linked to the U.S. dollar.
