North Korean IT workers tried getting jobs in government agencies — the US is offering $5M for details

The State Department is seeking information about a trio of North Korean IT workers and an American co-conspirator that were involved in a scheme to fraudulently secure work within U.S. government agencies and companies.

The sham staffers affiliated with the DPRK’s Munitions Industry Department obtained illicit telework employment with U.S. companies using false identities belonging to more than 60 real U.S. persons, the State Department said. The tactics generated at least $6.8 million for Pyongyang.

They attempted to gain similar jobs at two unnamed U.S. agencies but failed, State said Thursday. The agency is offering an up to $5 million reward for information leading to the disruption of their money laundering scheme.

Between Oct. 2020 and Oct. 2023, the U.S. collaborator — named Christina Chapman — enabled the North Korean nationals to secure remote software development work by helping them masquerade as American citizens, placing them in well known firms across the country. She is charged with nine counts, including conspiracy to defraud the U.S. government, with some 300 U.S. firms being impacted, according to a federal court indictment unsealed on Thursday.

She is alleged to have aided the workers — named by the State Department as Jiho Han, Chunji Jin, and Haoran Xu — by helping them obtain valid identification of real U.S. citizens. She is also accused of hosting the computers provided to the North Korean workers by their U.S. employers to make it appear as if they were working in a U.S. location.

“She also helped launder the proceeds from the scheme by receiving, processing, and distributing paychecks from the U.S. firms to these IT workers and others,” the State Department added.

According to the indictment, two overseas co-conspirators were blocked in efforts to obtain contractor positions at the Immigration and Customs Enforcement and the Federal Protective Services because they could not comply with fingerprinting requirements. Separately, another participant in the conspiracy secured a contractor position at the General Services Administration, but was terminated just five days after attending an introductory meeting.

North Korea’s munitions directorate is linked to its ballistic missile research program, which has been found to be frequently funded by covert transactions often exchanged via cryptocurrency.

The nation has deployed shadow operatives across the globe who pose as legitimate technology workers, planting themselves inside firms to carry out long-haul schemes that fund Pyongyang’s nuclear weapons research. The schemes have paid for some 50% of the DPRK’s missile projects, according to public U.S. assessments.

Despite rounds of sanctions, North Korean workers may have been surreptitiously employed to create and storyboard Western cartoons for major streaming services, a recent think tank analysis found.

A 2022 advisory said the laundering tactics provide a “critical stream of revenue” to Puongyang’s economic and security priorities, and that their malign IT workers are based in China, Russia and parts of Africa and Southwest Asia.