St. Louis, Missouri federal court indicts 14 North Koreans accused of fraudulent IT worker scheme

North Korea has dispatched thousands of skilled information technology (IT) workers around the world, earning revenue that contributes to the North Korean regime, according to the United States Department of Justice, which is based in Northwest, Washington, D.C., USA. Their goal was to deceive businesses worldwide into hiring them as remote IT workers to generate revenue in violation of U.S. and United Nations sanctions.

14 North Korean IT workers

On December 11, 2024, a federal court in St. Louis, Missouri, USA indicted 14 North Koreans accused of conspiring to violate U.S. sanctions and commit wire fraud, money laundering and identity theft. Their alleged schemes involve false websites, proxy computers, virtual private networks, virtual private servers, unwitting third parties in the U.S. and elsewhere and the use of pseudonymous email, social media, payment platform and online job site accounts.

The conspirators allegedly conspired to use false, stolen and borrowed identities of U.S. citizens and other persons to conceal their North Korean identities and foreign locations and obtain employment as remote IT workers for U.S. companies and nonprofit organizations. Here are their names:

1. Cho Chung Pom (조충범)
2. Choe Jong Yong (최정용)
3. Hyon Chol Song (현철성)
4. Jang Chol Myong (장철명)
5. Jong Kyong Chol (정경철)
6. Jong Song Hwa (정성화)
7. Kim Mu Rim (김무림)
8. Kim Ryu Song (김류성)
9. Kim Ye Won (김예원)
10. Ko Chung Sok (고충석)
11. Ri Kyong Sik (리경식)
12. Rim Un Chol (림은철)
13. Sok Kwang Hyok (석광혁)
14. Son Un Chol (손은철)

Each of the 14 conspirators was charged with conspiracy to commit identity theft, conspiracy to commit money laundering, conspiracy to commit wire fraud and conspiracy to violate the International Emergency Economic Powers Act. Additionally, eight of them were each charged with aggravated identity theft.

All of the 14 conspirators worked for Yanbian Silverstar in China and Volasys Silverstar in Russia in capacities ranging from senior company leaders to IT workers. Both companies are controlled by North Korea.

Yanbian Silverstar and Volasys Silverstar

Collectively, Yanbian Silverstar and Volasys Silverstar employed at least 130 North Korean IT workers. The companies organized periodic socialism competitions for their employees who would compete to generate money for North Korea and the top performers would receive bonuses and other prizes.

The North Korean IT workers obtained salaried employment at several companies and nonprofit organizations based in the U.S. Some of the U.S. employers unknowingly employed North Korean IT workers and paid them hundreds of thousands of dollars in salary for years.

To conceal their North Korean identities from the employers, the suspects allegedly applied for jobs using stolen identities of U.S. citizens and paid U.S. citizens to attend job interviews and work meetings remotely under fake identities. The suspects allegedly registered web domains and designed fake websites to convince prospective employers that the false identities were qualified, experienced and previously employed by reputable contracting firms.

However, the websites listed contact telephone numbers that did not correspond to area codes of business locations and physical addresses that were addresses of residences and not office buildings. The websites also contained disjointed or nonsensical phrases including “Nor, moreover, is there anyone who loves pain because it is pain, pursues it, wants to gain it, but”.