FBI: Thousands of remote IT workers sent wages to North Korea to help fund weapons program

ST. LOUIS (AP) — Thousands of information technology workers contracting with U.S. companies have for years secretly sent millions of dollars of their wages to North Korea for use in its ballistic missile program, FBI and Department of Justice officials said.

The Justice Department said Wednesday that IT workers dispatched and contracted by North Korea to work remotely with companies in St. Louis and elsewhere in the U.S. have been using false identities to get the jobs. The money they earned was funneled to the North Korean weapons program, FBI leaders said at a news conference in St. Louis.

Federal authorities announced the seizure of $1.5 million and 17 domain names as part of the investigation, which is ongoing.

Jay Greenberg, special agent in charge of the St. Louis FBI office, said any company that hired freelance IT workers “more than likely” hired someone participating in the scheme.

“This scheme is so prevalent that companies must be vigilant to verify whom they’re hiring,” Greenberg said in a news release. “At a minimum, the FBI recommends that employers take additional proactive steps with remote IT workers to make it harder for bad actors to hide their identities.”

Officials didn’t name the companies that unknowingly hired North Korean workers, or say when the practice began.

Court documents allege that the government of North Korea dispatched thousands of skilled IT workers to live primarily in China and Russia with the goal of deceiving businesses from the U.S. and elsewhere into hiring them as freelance remote employees.

The IT workers generated millions of dollars a year in their wages to benefit North Korea’s weapons programs. In some instances, the North Korean workers also infiltrated computer networks and stole information from the companies that hired them, the Justice Department said. They also maintained access for future hacking and extortion schemes, the agency said.

Greenberg said the workers used various techniques to make it look like they were working in the U.S., including paying Americans to use their home Wi-Fi connections.

Tensions on the Korean Peninsula are high as North Korea has test-fired more than 100 missiles since the start of 2022 and the U.S. has expanded its military exercises with its Asian allies, in tit-for-tat responses.

In September, North Korean leader Kim Jong Un called for an exponential increase in production of nuclear weapons and for his country to play a larger role in a coalition of nations confronting the United States in a “new Cold War,” state media said.

In February, United Nations experts said that North Korean hackers working for the government stole record-breaking virtual assets last year estimated to be worth between $630 million and more than $1 billion. The panel of experts said in a report that the hackers used increasingly sophisticated techniques to gain access to digital networks involved in cyberfinance, and to steal information that could be useful in North Korea’s nuclear and ballistic missile programs from governments, individuals and companies.