The US Department of Justice (DOJ) has indicted five individuals for fraudulently obtaining remote credentials to work for American companies and generating revenue for the DPRK. The individuals allegedly collected at least $866,255 in revenue from 10 US companies while also gaining employment at 64 American companies between April 2018 and August 2024.
Indicted individuals include two North Korean nationals, Jin Sung-Il and Pak Jin-Song, two American nationals named Erick Ntekereze Prince and Emanuel Ashtor, and one Mexican named Pedro Ernesto Alonso De Los Reyes. Jin and Pak used fake documents and stolen personally identifiable information of two Americans to gain employment. At the same time, American citizens Prince and Ashtor hosted laptops from companies at their residences and installed remote access software on them to allow the former two access.
The FBI arrested Prince and Ashtor following a search of Ashtor’s North Carolina residence, which also served as a home base for the laptop farm for work laptops obtained from the companies. Mexican national Alonso was arrested on January 10 in the Netherlands. All five defendants face charges of conspiracy to cause damage to a protected computer, conspiracy to commit wire fraud and mail fraud, conspiracy to commit money laundering, and conspiracy to transfer false identification documents.

Additionally, Jin and Pak also face a conspiracy charge for violating the International Emergency Economic Powers Act. All five individuals face up to 20 years in prison if found guilty. The DOJ claims that this is just one example of the thousands of the thousands of skilled IT workers North Korea has placed abroad, primarily in Russia and China, with “the aim of deceiving U.S. and other businesses worldwide into hiring them as freelance IT workers to generate revenue for the regime.”
The indictment is the latest in the US’ ongoing attempt to tackle fake North Korean IT workers who gain employment in US companies only to send their salaries back to Pyongyang as revenue for its various programs. Previously, security researchers discovered threat actors with ties to the Democratic People’s Republic of Korea (DPRK) were impersonating US-based software and technology consulting businesses to achieve their financial goals as part of a larger IT worker scheme.
In the News: WazirX parent, Zettai, calls creditors’ meet to recover stolen crypto