The U.S. Department of Justice has indicted 14 North Korean nationals for orchestrating a sophisticated fraud scheme that generated approximately $88 million through illegal employment in U.S. companies. The individuals, working for North Korean-controlled firms Yanbian Silverstar and Volasys Silverstar in China and Russia, used stolen identities to secure remote IT positions while concealing their true nationality.
Key Developments:
– The scheme operated for six years, involving identity theft, wire fraud, and money laundering
– Perpetrators engaged in source code theft and ransomware attacks
– 29 fraudulent website domains were seized by authorities
– $2.26 million in related bank accounts has been frozen
– The State Department is offering a $5 million reward for information
Operational Methods:
– Used false identities and documentation
– Established U.S.-based laptop farms for remote access
– Created fake websites mimicking legitimate IT companies
– Utilized proxy servers and VPNs to mask locations
The indictment coincides with a recent $50 million cryptocurrency heist at Radiant Capital, attributed to Citrine Sleet, a North Korean threat group. The attack involved social engineering tactics targeting developers through fake job opportunities and malicious software deployment.
If convicted, the defendants face up to 27 years in prison for charges including sanctions violations, wire fraud, money laundering, and identity theft.