{
	"id": "ff84b0d3-14b2-4281-930c-cea600f59d61",
	"created_at": "2026-04-06T00:17:03.143454Z",
	"updated_at": "2026-04-10T03:20:01.560003Z",
	"deleted_at": null,
	"sha1_hash": "9f6bf5e25913eb74867eeadf0d0b4bb420ac1901",
	"title": "Two North Korean Nationals and Three Facilitators Indicted for Multi-Year Fraudulent Remote Information Technology Worker Scheme that Generated Revenue for the Democratic People’s Republic of Korea",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 58023,
	"plain_text": "Two North Korean Nationals and Three Facilitators Indicted for\r\nMulti-Year Fraudulent Remote Information Technology Worker\r\nScheme that Generated Revenue for the Democratic People’s\r\nRepublic of Korea\r\nPublished: 2025-01-23 · Archived: 2026-04-05 14:46:48 UTC\r\nNote: View the indictment here.\r\nThe Justice Department today announced the indictment of North Korean nationals Jin Sung-Il (진성일) and Pak\r\nJin-Song (박진성), Mexican national Pedro Ernesto Alonso De Los Reyes, and U.S. nationals Erick Ntekereze\r\nPrince and Emanuel Ashtor for a fraudulent scheme to obtain remote information technology (IT) work with U.S.\r\ncompanies that generated revenue for the Democratic People’s Republic of Korea (DPRK or North Korea).\r\n“The Department of Justice remains committed to disrupting North Korea’s cyber-enabled sanctions-evading\r\nschemes, which seek to trick U.S. companies into funding the North Korean regime’s priorities, including its\r\nweapons programs,” said Supervisory Official Devin DeBacker of the Justice Department's National Security\r\nDivision. “Our commitment includes the vigorous pursuit of both the North Korean actors and those providing\r\nthem with material support. It also includes standing side-by-side with U.S. companies to not only disrupt ongoing\r\nvictimization, but also to help them independently detect and prevent such schemes in the future.”\r\n“FBI investigation has uncovered a years-long plot to install North Korean IT workers as remote employees to\r\ngenerate revenue for the DPRK regime and evade sanctions,” said Assistant Director Bryan Vorndran of the FBI’s\r\nCyber Division. “The indictments announced today should highlight to all American companies the risk posed by\r\nthe North Korean government. As always, the FBI is available to assist victims of the DPRK. Please reach out to\r\nyour local FBI field office should you have any questions or concerns.”\r\nAccording to the indictment, over the course of their scheme, from approximately April 2018 through August\r\n2024, the defendants and their unindicted co-conspirators obtained work from at least sixty-four U.S. companies.\r\nPayments from ten of those companies generated at least $866,255 in revenue, most of which the defendants then\r\nlaundered through a Chinese bank account. As part of this prosecution, the FBI arrested Ntekereze and Ashtor and\r\nexecuted a search of Ashtor’s residence in North Carolina, where he previously operated a “laptop farm” that\r\nhosted victim company-provided laptops to deceive companies into thinking they had hired U.S.-located workers.\r\nAlonso was arrested in the Netherlands on Jan. 10, pursuant to an arrest warrant from the United States.\r\nThe DPRK has dispatched thousands of skilled IT workers to live abroad, primarily in China and Russia, with the\r\naim of deceiving U.S. and other businesses worldwide into hiring them as freelance IT workers to generate\r\nrevenue for the regime. DPRK IT worker schemes involve the use of pseudonymous email, social media, payment\r\nplatform and online job site accounts, as well as false websites, proxy computers, and witting and unwitting third\r\nparties located in the United States and elsewhere. As described in a May 2022 tri-seal public service advisory\r\nhttps://www.justice.gov/opa/pr/two-north-korean-nationals-and-three-facilitators-indicted-multi-year-fraudulent-remote\r\nPage 1 of 3\n\nreleased by the FBI, and State and Treasury Departments, such IT workers have been known individually earn up\r\nto $300,000 annually, generating hundreds of millions of dollars collectively each year, on behalf of designated\r\nentities, such as the North Korean Ministry of Defense and others directly involved in the DPRK’s weapons of\r\nmass destruction programs.\r\nAccording to the indictment, the defendants used forged and stolen identity documents, including U.S. passports\r\ncontaining the stolen personally identifiable information of a U.S. person, to conceal the true identities of Jin, Pak,\r\nand other North Korean co-conspirators, so that these North Korean nationals could circumvent sanctions and\r\nother laws to obtain employment with U.S. companies. Ntekereze and Ashtor received laptops from U.S. company\r\nemployers at their residences, downloading and installing remote access software on them, without authorization,\r\nto facilitate IT worker access and to perpetuate the deception of U.S. companies. The defendants further conspired\r\nto launder payments for the remote IT work through a variety of accounts designed to promote the scheme and\r\nconceal its proceeds.\r\nAll five defendants are charged with conspiracy to cause damage to a protected computer, conspiracy to commit\r\nwire fraud and mail fraud, conspiracy to commit money laundering, and conspiracy to transfer false identification\r\ndocuments. Jin and Pak are charged with conspiracy to violate the International Emergency Economic Powers Act.\r\nIf convicted, the defendants face a maximum penalty of 20 years in prison. A federal district court judge will\r\ndetermine the sentence of each defendant after considering the U.S. Sentencing Guidelines and other statutory\r\nfactors.\r\nUnder the Department-wide “DPRK RevGen: Domestic Enabler Initiative,” launched in March 2024 by the\r\nNational Security Division and the FBI’s Cyber and Counterintelligence Divisions, Department prosecutors and\r\nagents are prioritizing the identification and shuttering of U.S.-based “laptop farms” – locations hosting laptops\r\nprovided by victim U.S. companies to individuals they believed were legitimate U.S.-based freelance IT workers –\r\nand the investigation and prosecution of individuals hosting them. Today’s announcement follows successful\r\nactions taken by the Department in October 2023, May 2024, August 2024, and December 2024, which targeted\r\nsimilar and related conduct.\r\nhttps://www.justice.gov/opa/pr/two-north-korean-nationals-and-three-facilitators-indicted-multi-year-fraudulent-remote\r\nPage 2 of 3\n\nThe FBI Miami Field Office is investigating the case.\r\nAssistant U.S. Attorneys Jonathan Stratton and Sean Cronin for the Southern District of Florida and Trial Attorney\r\nGregory J. Nicosia, Jr. of the National Security Division’s National Security Cyber Section are prosecuting the\r\ncase. Substantial assistance was also provided by Tracy Varghese and Menno Goedman of the National Security\r\nDivision’s Counterintelligence and Export Control Section and the Justice Department’s Office of International\r\nAffairs.\r\nThe FBI, in conjunction with the State and Treasury Departments, issued a May 2022 advisory\r\nto alert the international community, private sector, and public about the North Korea IT worker threat. Updated\r\nguidance was issued in October 2023 by the United States and the Republic of Korea (South Korea) and in May\r\n2024 by the FBI, which include indicators to watch for that are consistent with the North Korea IT worker fraud\r\nand the use of U.S.-based laptop farms. Today, the FBI issued additional guidance regarding extortion and theft of\r\nsensitive company data by North Korean IT workers, along with recommended mitigations.\r\nAn indictment is merely an allegation. All defendants are presumed innocent until proven guilty beyond a\r\nreasonable doubt in a court of law.\r\nSource: https://www.justice.gov/opa/pr/two-north-korean-nationals-and-three-facilitators-indicted-multi-year-fraudulent-remote\r\nhttps://www.justice.gov/opa/pr/two-north-korean-nationals-and-three-facilitators-indicted-multi-year-fraudulent-remote\r\nPage 3 of 3",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.justice.gov/opa/pr/two-north-korean-nationals-and-three-facilitators-indicted-multi-year-fraudulent-remote"
	],
	"report_names": [
		"two-north-korean-nationals-and-three-facilitators-indicted-multi-year-fraudulent-remote"
	],
	"threat_actors": [],
	"ts_created_at": 1775434623,
	"ts_updated_at": 1775791201,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/9f6bf5e25913eb74867eeadf0d0b4bb420ac1901.pdf",
		"text": "https://archive.orkl.eu/9f6bf5e25913eb74867eeadf0d0b4bb420ac1901.txt",
		"img": "https://archive.orkl.eu/9f6bf5e25913eb74867eeadf0d0b4bb420ac1901.jpg"
	}
}