The US government, specifically the Federal Bureau of Investigation (FBI) [4], has taken action against a fraudulent scheme involving North Korean IT workers. These workers [1] [2] [3] [4] [5] [6] [7] [8], based primarily in China and Russia [6] [8], deceive companies into hiring them under false identities [8], generating illicit revenues to finance North Korea’s weapons programs.


The FBI has seized 17 website domains that were posing as legitimate US-based IT services companies [1]. These domains were allegedly used by North Korean IT workers affiliated with the Workers’ Party of Korea’s Munitions Industry Department. The workers deceive businesses into hiring them and generate millions of dollars in illicit revenues. The FBI has issued guidance on the tactics used by these IT workers [8], including cheating during coding tests and making threats to release proprietary source codes [8]. Employers are being warned to exercise caution when hiring these workers and granting them access to IT systems.

The seizures were made pursuant to a court order in Missouri [6]. The US government alleges that North Korea employs thousands of IT workers worldwide [6], primarily in China and Russia [6] [8], to deceive businesses into hiring them as freelance IT workers and generate revenue for its weapons programs [1] [6] [7]. In response, the US and South Korea have imposed sanctions on North Korean IT workers who are accused of hiding their identities and using forged documentation [6]. It has also been warned that hiring North Korean IT workers can lead to intellectual property theft [7].

These recent seizures of website domains follow previous seizures of $1.5 million in revenue collected by the same group of IT workers [6] [7]. To further combat this issue, information sharing partnerships have been established to prevent North Korean IT workers from accessing online freelance work and payment service providers [6].

The FBI’s efforts to seize these websites are part of a broader initiative to prevent funds collected by these workers from being sent back to North Korea and to safeguard US companies from being infiltrated with North Korean computer code. The websites were created by individuals working for China-based Yanbian Silverstar Network Technology and Russia-based Volasys Silver Star [4], both of which are on the US Treasury sanctions lists [4].

The FBI’s St [4]. Louis office has already seized $1.5 million in funds collected by the fraudulent workers [4]. In 2022 [4], both US and South Korean agencies issued warnings about these tactics [4]. The FBI has provided security recommendations for vetting potential candidates and has urged employers to exercise caution when hiring and granting access to IT systems to avoid inadvertently supporting the North Korean government’s activities or hiring hackers who may steal corporate data or initiate attacks.


The Department of Justice is committed to collaborating with private sector partners to protect US businesses from this type of fraud and disrupt the funds that fuel North Korean missiles [7]. North Korea’s use of cybercrime to raise funds [5], with hackers stealing over $1.2 billion in cryptocurrency since 2017 [5], highlights the need for continued vigilance and proactive measures to safeguard against such threats.