The Justice Department Thursday announced the indictment of North Korean nationals Jin Sung-Il (진성일) and Pak Jin-Song (박진성), Mexican national Pedro Ernesto Alonso De Los Reyes, and U.S. nationals Erick Ntekereze Prince and Emanuel Ashtor for a fraudulent scheme to obtain remote IT work with U.S. companies that generated revenue for North Korea.
According to the indictment, over the course of their scheme, from approximately April 2018 through August 2024, the defendants and their unindicted co-conspirators obtained work from at least 64 U.S. companies.
Payments from ten of those companies generated at least $866,255 in revenue, most of which the defendants then laundered through a Chinese bank account.
As part of this prosecution, the FBI arrested Ntekereze and Ashtor and executed a search of Ashtor’s residence in North Carolina, where he previously operated a “laptop farm” that hosted victim company-provided laptops to deceive companies into thinking they had hired U.S.-located workers.
Alonso was arrested in the Netherlands on Jan. 10, pursuant to an arrest warrant from the United States.
The DPRK has dispatched thousands of skilled IT workers to live abroad, primarily in China and Russia, with the aim of deceiving U.S. and other businesses worldwide into hiring them as freelance IT workers to generate revenue for the regime.
DPRK IT worker schemes involve the use of pseudonymous email, social media, payment platforms and online job site accounts, as well as false websites, proxy computers, and witting and unwitting third parties located in the United States and elsewhere.
As described in a May 2022 tri-seal public service advisory released by the FBI and State and Treasury Departments, such IT workers have been known individually earn up to $300,000 annually, generating hundreds of millions of dollars collectively each year, on behalf of designated entities, such as the North Korean Ministry of Defense and others directly involved in the DPRK’s weapons of mass destruction programs.
According to the indictment, the defendants used forged and stolen identity documents, including U.S. passports containing the stolen personally identifiable information of a U.S. person, to conceal the true identities of Jin, Pak, and other North Korean co-conspirators, so that these North Korean nationals could circumvent sanctions and other laws to obtain employment with U.S. companies.
Ntekereze and Ashtor received laptops from U.S. company employers at their residences, downloading and installing remote access software on them without authoris
ation to facilitate IT worker access and to perpetuate the deception of U.S. companies. The defendants further conspired to launder payments for the remote IT work through a variety of accounts designed to promote the scheme and conceal its proceeds.
All five defendants are charged with conspiracy to cause damage to a protected computer, conspiracy to commit wire fraud and mail fraud, conspiracy to commit money laundering, and conspiracy to transfer false identification documents.
Jin and Pak are charged with conspiracy to violate the International Emergency Economic Powers Act. If convicted, the defendants face a maximum penalty of 20 years in prison. A federal district court judge will determine the sentence of each defendant after considering the U.S. Sentencing Guidelines and other statutory factors.
Under the Department-wide “DPRK RevGen: Domestic Enabler Initiative,” launched in March 2024 by the National Security Division and the FBI’s Cyber and Counterintelligence Divisions, Department prosecutors and agents are prioritizing the identification and shuttering of U.S.-based “laptop farms” – locations hosting laptops provided by victim U.S. companies to individuals they believed were legitimate U.S.-based freelance IT workers – and the investigation and prosecution of individuals hosting them.
Thursday’s announcement follows successful actions taken by the Department in October 2023, May 2024, August 2024, and December 2024, which targeted similar and related conduct.
