US arrests American and Ukrainian in North Korea-linked IT infiltration scheme

WASHINGTON — U.S. prosecutors on Thursday announced the arrests of an American woman and a Ukrainian man they say helped North Korea-linked IT workers posing as Americans to obtain remote-work jobs at hundreds of U.S. companies.

The U.S. Department of Justice (DoJ) said the elaborate scheme, aimed at generating revenue for North Korea in contravention of international sanctions, involved the infiltration of more than 300 U.S. firms, including Fortune 500 companies and banks, and the theft of the identities of more than 60 Americans.

A DoJ statement said the overseas IT workers also attempted to gain employment and access to information at two U.S. government agencies, although these efforts were “generally unsuccessful.”

An earlier State Department statement said the scheme had generated at least $6.8 million for North Korea. It said the North Koreans involved were linked to North Korea’s Munitions Industry Department, which oversees development of the country’s ballistic missiles, weapons production, and research and development programs.

An indictment filed in federal court in Washington last week and unsealed on Thursday said charges had been filed against Christina Marie Chapman, 49, of Litchfield Park, Arizona; Ukrainian Oleksandr Didenko, 27, of Kyiv; and three other foreign nationals.

A Justice Department statement said Chapman was arrested on Wednesday, while Didenko was arrested on May 7 by Polish authorities at the request of the United States, which is seeking his extradition.

The State Department announced a reward of up to $5 million for information related to Chapman’s alleged co-conspirators, who used the aliases Jiho Han, Haoran Xu and Chunji Jin, and another unindicted individual using the aliases Zhonghua and Venechor S.

Court records did not list lawyers for those arrested and it was not immediately clear whether they had legal representation.

The head of the Justice Department’s Criminal Division, Nicole Argentieri, said the alleged crimes “benefited the North Korean government, giving it a revenue stream and, in some instances, proprietary information stolen by the co-conspirators.”

The charges “should be a wakeup call for American companies and government agencies that employ remote IT workers,” she said in the statement.

It said the scheme “defrauded U.S. companies across myriad industries, including multiple well-known Fortune 500 companies, U.S. banks, and other financial service providers.”

The DoJ said Didenko was accused of creating fake accounts at U.S. IT job search platforms, selling them to overseas IT workers, some of whom he believed were North Korean. It said overseas IT workers using Didenko’s services were also working with Chapman.

Didenko’s online domain, upworksell.com, was seized Thursday by the Justice Department, the statement said.

The DOJ statement said the FBI executed search warrants for U.S.-based “laptop farms” – residences that hosted multiple laptops for overseas IT workers.

It said that through these farms, including one Chapman hosted from her home, U.S.-based facilitators logged onto U.S. company computer networks and allowed the overseas IT workers to remotely access the laptops, using U.S. IP addresses to make it appear they were in the United States.

The statement said search warrants for four U.S. residences associated with laptop farms controlled by Didenko were issued in the Southern District of California, the Eastern District of Tennessee, and Eastern District of Virginia, and executed between May 8 and May 10.

North Korea is under U.N. sanctions aimed at cutting funding for its missile and nuclear weapons programs and experts say it has sought to generate income illicitly, including through IT workers.

Confidential research by a now-disbanded U.N. sanctions monitoring panel seen by Reuters on Tuesday showed they had been investigating 97 suspected North Korean cyberattacks on cryptocurrency companies between 2017 and 2024, valued at some $3.6 billion.

The U.N. sanctions monitors were disbanded at the end of April after Russia vetoed renewal of their mandate.

A research report from a Washington think tank in April said North Korean animators may have helped create popular television cartoons for big Western firms despite international sanctions. 

коментарі: