The Justice Department has announced a series of coordinated and court-authorized actions to disrupt the illicit revenue generation efforts of Democratic People’s Republic of Korea (DPRK) information technology (IT) workers. This is part of a wider initiative, the DPRK RevGen: Domestic Enabler Initiative, which aims to prioritize high-impact, strategic, and unified enforcement and disruption operations across the U.S. Government targeting U.S.-based enablers of unlawful DPRK IT workers overseas.
Under this initiative, launched in March 2024 by the National Security Division and FBI Cyber and Counterintelligence Divisions, the Department is prioritizing several key areas. These include identifying and shutting down U.S.-based “laptop farms”, investigating and prosecuting U.S.-based witting enablers where appropriate, fostering international partnerships with like-minded countries that also host IT worker support networks, improving speed and content of notifications to victims, primarily unwitting U.S. companies; and enhancing partnerships with private sector online service providers.
Assistant Attorney General Matthew G. Olsen said, “Today’s announcement reveals the complex web of deception and facilitators that is central to the North Korean regime’s schemes to evade international sanctions to finance its weapons program.” He added that such sustained campaigns against this threat will continue to enhance collective national security and cybersecurity.
Assistant Director Bryan Vorndran of the FBI’s Cyber Division echoed these sentiments saying that they are committed to leveraging everything at their disposal to disrupt North Korean IT workers from subverting the rule of law in order to fund DPRK's weapons programs.
As alleged in court documents, the DPRK government dispatched thousands of skilled IT workers abroad with an aim to deceive businesses worldwide into hiring them as freelance IT workers. The aim was for these workers to generate revenue for its weapons programs. The scheme involved using pseudonymous email accounts, social media accounts, payment platform accounts, online job site accounts as well as false websites among other things.
In a recent enforcement action, Minh Phuong Vong of Bowie, Maryland was arrested for his alleged participation in a scheme to assist overseas IT workers. Separately, the Eastern District of Missouri led a seizure action against 12 website domains used by DPRK IT workers to mimic western IT services firms.
Executive Assistant Director Larissa L. Knapp of the FBI’s National Security Branch said that these alleged schemes likely benefitted the Democratic People’s Republic of Korea in evading U.S. sanctions and victimizing American businesses.
The FBI, along with the Departments of State and Treasury, issued an advisory in May 2022 to alert the international community about the North Korea IT worker threat. Updated guidance was issued in October 2023 by the United States and South Korea.
Concurrent with today's announcement, two additional criminal prosecutions were unsealed today resulting in two arrests and execution of related seizures and search warrants in multiple jurisdictions. The U.S. Department of State has offered rewards for up to $5 million in support of international efforts to disrupt North Korea’s illicit activities.