The FBI has arrested two US citizens for allegedly helping North Koreans obtain remote IT jobs from US companies.
Authorities say Erick Ntekereze Prince and Emanuel Ashtor let the North Koreans use their New York addresses to apply for IT jobs within the US, according to a federal indictment. Once the jobs were secured, company laptops were sent to the New York addresses, where the North Koreans accessed them via remote login software.
Ashtor also had a home in North Carolina, where he created a “laptop farm” to run the company-issued computers on behalf of the North Koreans, duping their employers, the DOJ says.
In addition, Prince and Ashtor established two front companies, Taggear Inc. and Vali Tech Inc., that posed as staffing agencies for remote IT workers. When applying for jobs, the North Koreans used forged or stolen identity documents; they also paid a Sweden-based Mexican national named Pedro Ernesto Alonso de los Reyes for letting them use his identity on the job applications.
In response, the US has also indicted Alonso de los Reyes, along with two North Koreans, Jin Sung-Il and Pak Jin-Song, accused of orchestrating the fraudulent work scheme. Alonso de los Reyes was arrested in the Netherlands on Jan. 10, pursuant to an arrest warrant from the United States, the Justice Department says.
From 2018 to 2024, the North Koreans duped at least 64 US companies into giving them jobs. According to the indictment, they only received payments from 10 US companies, but they still raked in $866,255. The North Koreans paid Prince $89,000 while Ashtor received over $40,000.
No victim companies were named. But the indictment notes the conspiracy targeted a US technology company headquartered in San Francisco, an international cruise line based in Florida, and a US multinational retail corporation, among others.
The indictment represents the US’ growing effort to crack down on North Koreans trying to bypass sanctions to gain remote work in the US. “Such IT workers have been known individually to earn up to $300,000 annually, generating hundreds of millions of dollars collectively each year,” the Justice Department adds, with the funds distributed back to the North Korean government, including the country’s Ministry of Defense.
The investigations have also been going after Americans accused of aiding the North Koreans. Last year, the US separately charged a woman in Arizona and a man in Tennessee for helping North Koreans run company-issued laptops within the US.
Another issue is that the scheme exposes US companies to the risk of hacking. On Thursday, the FBI issued an alert, warning it had discovered North Korean IT workers “leveraging unlawful access to company networks to exfiltrate proprietary and sensitive data, facilitate cyber-criminal activities, and conduct revenue-generating activity on behalf of the regime.”
Google-owned cybersecurity firm Mandiant adds that the US has seen success in shutting down the North Korean IT worker scheme. “However, an unfortunate byproduct of law enforcement action is these threat actors are becoming noticeably more aggressive in their tactics,” says analyst Michael Barnhart.
“We are increasingly seeing North Korean IT workers infiltrating larger organizations to steal sensitive data and follow through on their extortion threats against these enterprises,” he adds. “It’s also unsurprising to see them expanding their operations into Europe to replicate their success, as it’s easier to entrap citizens who aren’t familiar with their ploy.” Hence, companies should consider bolstering their vetting processes when hiring remote workers.