There have been thousands of information technology employees working as contractors in the U.S. who have reportedly been sending millions of dollars from their earnings to North Korea for the country’s ballistic missile program, according to the FBI and Department of Justice.
The Justice Department stated on Wednesday that there have been a number of IT workers secretly working for North Korea who work remotely with U.S. companies in St. Louis and elsewhere. These employees have apparently been using fake identifications in order to get the jobs in question.
Business Insider reported that the authorities have seized more than $1.5 million and 17 domain names as part of the ongoing investigation. Jay Greenberg, a special agent who is the head of the St. Louis FBI office, said that one company hired freelance IT employees who were likely involved in the scheme.
Rebecca Wu, spokesperson for the FBI, said that “[w]e can tell you that there are thousands of North Korean IT workers that are part of this.” FBI officials say that the scheme is widespread, suggesting that companies need to be vigilant about who they hire.
Greenberg said that “the FBI recommends that employers take additional proactive steps with remote IT workers to make it harder for bad actors to hide their identities.”
The Associated Press reported officials have not named the companies that may have hired IT workers with connections to North Korea. They also did not describe how investigators were informed of the situation from the outset.
However, it appears that the State Department was aware of the potential of North Korea attempting to obtain important resources from the U.S. since at least May 2022.
The State Department, FBI, and the Department of the Treasury released an advisory in 2022 which claimed it was possible that North Koreans were trying to “obtain employment while posing as non-North Korean nationals.”
The advisory went on to note that North Korean leader Kim Jong Un “has placed increased focus on education and training” in subjects related to IT.
John Hultquist, head of the cybersecurity firm Mandiant, said that the recent discovery of North Korea attempting to leverage U.S. IT jobs to fund its own weapons systems is nothing new, noting that it has been going on for at least a decade.
“I think the post-COVID world has created a lot more opportunity for them because freelancing and remote hiring are a far more natural part of the business than they were in the past,” Hultquist said.