U.S. Slaps $5 Million Bounty on North Korean IT Workers in Corporate Espionage Scandal

The U.S. government has put a bounty of up to $5 million on North Korean IT workers who have infiltrated American companies. These North Korean employees worked remotely at over 300 U.S. companies using fake American identities, earning over $6.8 million.

 The US Department of State announced on the 16th (local time) that it is searching the personnel’s information, using the Reward for Justice, a reward program for terror information.

North Korean IT workers using the pseudonyms Jiho Han, Chunji Jin, and Haoran Xu worked remotely as software and application developers at various U.S. companies using over 60 fake American identities. They earned at least $6.8 million through this.

According to the Department of Justice’s indictment, the North Korean IT workers infiltrated a total of over 300 U.S. companies. These companies included major national TV networks, Silicon Valley’s top tech companies, iconic American car manufacturers, and some of the most well-known media and entertainment companies internationally. The indictment did not specify the company names, but the Fortune 500 companies selected by Fortune magazine are also included.

American citizen Christina Chapman (49) helped these three North Korean IT workers to work at U.S. companies from October 2010 to October 2023. Chapman, who lives in Arizona, helped the North Korean IT workers secure the identities of American citizens so they could impersonate Americans.

Chapman ran a laptop farm with over 90 computers in her home. She fooled companies into believing that these workers were living in the U.S. by connecting to IT networks with laptops provided by U.S. companies on behalf of the North Korean IT workers. In addition, Chapman laundered criminal proceeds by receiving and distributing money paid by U.S. companies to North Korean IT workers.

It was reported that the North Korean IT workers failed to get jobs at two U.S. government agencies.

CNN stated, “North Korean IT workers typically impersonate other nationalities and apply for jobs in various fields such as gaming, IT support, and artificial intelligence (AI) through remote work. According to experts, some of these IT employees closely cooperate with North Korean hackers, a major source of income for the North Korean regime.”

Last year, a White House official revealed that North Korea is funding about half of its missile program through cyber-attacks and cryptocurrency theft.

Michael Barnhart, a North Korea expert at Mandiant, told CNN, “By directing its IT workers to gain employment at Western companies, North Korea has weaponized its tech talent and created the ultimate insider threat.” The US Department of State revealed that the North Korean IT workers who were offered a bounty are connected to the North Korean military-industrial department, which oversees missile development, weapons production, and research and development.

North Korea is making money by hacking the cryptocurrency industry or participating as subcontractors in animation projects produced by U.S. or Japanese companies. Previously, 38 North, a U.S. website specializing in North Korea, pointed out that some of the drawings in the work files uploaded to a North Korean internet cloud server were related to the latest projects of U.S. and Japanese animation production companies. Seemingly, North Korea is participating in these projects as a subcontractor through China and other countries.

Meanwhile, the Department of Justice indicted four foreign nationals, including Ukrainian national Oleksandr Didenko (27), on charges of fraud for helping North Korean IT workers infiltrate along with Ms. Chapman. The identities of the other three foreign nationals were not disclosed.