The FBI Miami Field Office successfully discovered and disrupted a multi-year fraudulent remote IT work scheme that generated revenue for the Democratic People’s Republic of Korea (DPRK).
Five people, including two North Korean nationals and three accomplices, have been charged with defrauding U.S. companies, including those in Florida, into hiring DPRK nationals as remote IT workers, ultimately funding North Korea’s illegal activities, including weapons programs.
The investigation, which was part of a larger Department of Justice initiative, revealed that the fraudulent operations deceived over 64 US companies.
The scheme involved North Korean nationals working remotely for U.S. businesses under false identities, including people in Florida. These workers earned more than $860,000, which was then laundered and sent back to North Korea.
“The Department of Justice remains committed to disrupting North Korea’s cyber-enabled sanctions-evasion schemes, which seek to dupe US businesses into funding the North Korean regime’s priorities, including its weapons programs,” said Supervisory Official Devin DeBacker of the Justice Department’s National Security Division.
The defendants—North Koreans Jin Sung-Il and Pak Jin-Song, Mexican Pedro Ernesto Alonso De Los Reyes, and US citizens Erick Ntekereze Prince and Emanuel Ashtor—were indicted on a variety of charges, including conspiracy to commit wire fraud, money laundering, and conspiracy to transfer false identification documents.
Notably, Ashtor ran a “laptop farm” in North Carolina, but the investigation also focuses on the role of Florida-based businesses and contractors in facilitating the fraudulent activities.
The scheme used deceptive methods, such as forged identification documents and the installation of remote access software on company laptops, to dupe US businesses into believing they were hiring legitimate US-based freelance IT workers.
Many of these fraudulent workers were based in China, Russia, and other countries, but their activities impacted Florida businesses as well.
The indictment comes as part of a larger national effort to close “laptop farms” in the United States that provide cover for North Korean workers.
The US government, as part of a larger effort to combat cyber-enabled fraud and sanctions evasion linked to North Korea’s regime, closely monitors and investigates such schemes.
The FBI, in collaboration with the State and Treasury Departments, issued an advisory in 2022 to warn the international community, private sector, and general public about the threat posed by North Korean IT workers.
The United States and the Republic of Korea (South Korea) issued updated guidance in October 2023, and the FBI followed up in May 2024, highlighting indicators of North Korean IT worker fraud and the use of U.S.-based laptop farms.
Most recently, the FBI provided additional guidance on the extortion and theft of sensitive company data by North Korean IT workers, as well as recommended mitigation strategies.