North Koreans posing as American tech workers to fund weapons: US

For three years, starting in October 2020, a US national named Christina Chapman of Arizona helped three North Korean IT workers obtain “illicit telework employment” using the identities of US citizens, earning about $6.8 million, the State Department said.

More than 300 US companies were defrauded in the effort, the Justice Department said in a separate release, announcing charges against Chapman and other alleged co-conspirators.

“The charges describe a years’ long campaign by the North Korean government to infiltrate U.S. job markets through fraud in an effort to raise revenue for the North Korean government and its illicit nuclear program,” the Justice Department said.

The North Korean workers also tried and failed to gain employment with — and information from — two US government agencies, according to the US. The workers are linked to North Korea’s ballistic missile, weapons production and research and development programs, the State Department said. The companies that hired the workers weren’t identified, nor were the agencies that didn’t hire them.

Chapman not only helped steal US identities but ran a “laptop farm” by hosting computers issued by the US companies on behalf of the North Korean workers, the Justice Department said, operating them from her home so that it looked like the North Korean workers were based in the US.

She also allegedly helped launder the proceeds with her own financial accounts by receiving, processing and distributing their paychecks, the department added. That resulted in US companies to filing false documentation to the Department of Homeland Security and false reports to the Internal Revenue Service.

The US also charged Oleksandr Didenko of Kyiv, Ukraine, with engaging in a years-long effort to create accounts using false identities at US-based freelance IT job search platforms and money service companies, according to the Justice Department. He ran a platform that allowed remote IT workers to “buy or rent accounts using identities other than their own on various platforms,” the department said.

Facing a raft of US and United Nations sanctions for its nuclear weapons and ballistic missile programs, North Korea has turned to deploying IT workers overseas for government revenue, in addition to relying on cyberattacks and other online crimes, US and South Korean officials previously told Bloomberg.

The in-demand workers can make as much as $300,000 a year working abroad, often working remotely through freelance platforms and using falsified or stolen identification, those officials said.

The US State Department’s Rewards for Justice program is offering as much as $5 million for information that leads to the disruption of efforts to fund North Korea’s weapons program.

North Korea is also known to use fake job offers in order to trick US employees into providing sensitive information.

The development comes after North Korean hackers for years have targeted American companies, launching ransomware attacks and conducting cryptocurrency thefts, as another way to raise money for weapons programs. Suspected North Korean hackers also stole slightly more than $1 billion in cryptocurrency last year, according to the blockchain analysis company Chainalysis Inc.