The U.S. State Department has announced a reward of up to $5 million for information that could dismantle North Korea’s illegal IT work schemes.
Over six years, these operations have generated more than $88 million, funneling illicit funds to support Pyongyang’s banned nuclear missile programs.
Two companies, China-based Yanbian Silverstar and Russia’s Volasys Silverstar, employed North Korean nationals disguised as freelance IT workers. These so-called “IT warriors” tricked companies worldwide into hiring them, using fraudulent identities to gain remote employment. Collectively, they generated hundreds of millions of dollars annually for the North Korean regime.
The U.S. State Department revealed that these companies employ over 130 North Korean IT workers, referred to internally as “IT warriors,” who fraudulently acquired the identities of hundreds of U.S. citizens to secure employment. These identities were also used to register domains, host fake websites, and open accounts for laundering funds back to North Korea.
Legal Action and Ongoing Threats
The Department of Justice has indicted 14 North Korean nationals tied to Yanbian and Volasys for violations including identity theft, wire fraud, and money laundering. Led by CEO Jong Song Hwa, the group’s activities include creating fraudulent identities, stealing sensitive information, and extorting employers who discovered their schemes. Previous actions against these operations include the seizure of $2.26 million and 29 internet domains.
In one notable incident, an undercover North Korean “IT warrior” operating out of China exploited a U.S. company’s systems by posing as an employee based in Nashville. Another case involved an Arizona woman, Christina Marie Chapman, who ran a North Korean laptop farm from her home.
