Under the radar - ???? North Korea sanctions evasion scheme using IT workers

On January 23, 2025, the US Department of Justice revealed an interesting way in which North Korea (DPRK) manages to evade the restrictions of international sanctions??. The press has also been investigating this issue for the past 2 years, including the use of fake Linkedin accounts. Details of this international sanctions evasion scheme are provided below.

?? The US Department of Justice charged 2 North Korean nationals, 1 Mexican national, and 2 U.S. nationals in a fraudulent scheme to obtain remote IT work with U.S. companies that generated revenue for North Korea. All 5 defendants are charged with conspiracy to cause damage to a protected computer, conspiracy to commit wire and mail fraud, conspiracy to commit money laundering, and conspiracy to transfer false identification documents.

??Between April 2018 and August 2024, the defendants and their co-conspirators obtained work from at least 64 U.S. companies. Payments from 10 of these companies generated at least $866,255 in revenue, most of which the defendants then ?laundered through a Chinese bank account. The U.S. perpetrators operated a "laptop farm" that hosted laptops provided by the victim companies to deceive the companies into believing they had hired U.S.-based employees.

??The defendants used counterfeit and stolen identification documents, including U.S. passports containing the stolen personal information of a U.S. person, to conceal the true identities of North Korean co-conspirators so that those North Korean nationals could evade sanctions and other laws and obtain employment with U.S. companies. The U.S. offenders received laptops from U.S. corporate employers at their residences and downloaded and installed remote access software on them without authorization to facilitate access by IT workers and to perpetuate the deception of U.S. companies. They also conspired to launder payments for the remote IT work through a series of accounts designed to facilitate the scheme and conceal its proceeds.

??The DPRK has sent thousands of skilled IT workers to live overseas, primarily in China and Russia, with the goal of deceiving U.S. and other companies around the world into hiring them as freelance IT workers to generate revenue for the regime. DPRK IT worker schemes involve the use of pseudonymous email, social media, payment platform, and online job site accounts, as well as fake websites, proxy computers, and witting and unwitting third parties in the United States and elsewhere. These IT workers have collectively generated hundreds of millions of dollars each year on behalf of designated entities, such as the North Korean Ministry of Defense and others directly involved in the DPRK's weapons of mass destruction programs.

?? ?? If you are interested in the topic of international sanctions, I would like to invite you to attend my free webinar?? organized by the Institute of Financial Studies (ISF). ?? The next episode is scheduled in the first half of April 2025.