14 North Korean Hackers Are Wanted by the U.S.—Department of State Offers $5 Million Reward

The U.S. Department of State has announced a reward of up to $5 million for information leading to the capture of 14 North Korean IT developers accused of stealing confidential information and fraudulently earning at least $88 million through employment at U.S. companies.

On Thursday, the Department of State revealed that it is tracking two North Korean IT companies: Yanbian Silverstar Network Technology, based in China, and Volasys Silverstar, located in Russia. According to the Department of State, IT personnel from these companies posed as freelancers and secured jobs with companies in the U.S. and other countries worldwide. They reportedly funneled illegal earnings of at least $88 million to North Korea.

The wanted individuals include the CEOs of the two companies, Jeong Seong Hwa and Kim Ryu Seong, and Ri Kyung Sik, the head of Volasys Silverstar, along with 14 others.

The Department of State reported that these individuals installed remote access programs on laptops provided by U.S. employers and threatened to release sensitive information online unless paid. They also created service accounts to transfer funds received from U.S. companies and employers into Chinese bank accounts controlled by North Korea.

From April 2017 to 2023, hundreds of U.S. identities were reportedly stolen, according to the Department of State.

The Department of State has activated its Reward for Justice program for these individuals. This program offers financial incentives for information that aids counterterrorism efforts and addresses threats to U.S. national security.

Concurrently, the U.S. Department of Justice has charged these individuals with wire fraud, money laundering, and identity theft. Lisa Monaco, Deputy Attorney General, stated in a press release that to sustain its brutal regime, the North Korean government directs its IT workers to fraudulently gain employment, steal sensitive information from U.S. companies, and funnel money back to the regime. She added that the indictment of the 14 North Korean nationals exposes their sanctions-evading behavior and raises awareness among global companies about the malicious activities of the North Korean regime.

Michael Barnhart, who leads Mandiant’s North Korean threat-hunting team, noted that in recent months, Mandiant had observed increased extortion attempts linked to North Korean IT personnel. He explained that what sets these cases apart is the publication of sensitive data stolen from victim organizations to coerce them into paying large ransoms, marking the first time such tactics have been used. Additionally, the perpetrators are demanding unprecedented amounts of cryptocurrency.

Barnhart further stated that the recent indictments of key leaders within North Korea’s IT personnel organizations signify expanded law enforcement efforts to disrupt these illegal operations. These actions target the attackers who plan such operations, dismantle their supporting infrastructure, and create barriers to continued success.