The FBI Miami Field Office has successfully uncovered and disrupted a multi-year, fraudulent remote IT work scheme that generated revenue for the Democratic People’s Republic of Korea (DPRK). Five individuals, including two North Korean nationals and three accomplices, have been indicted for their roles in deceiving U.S. companies, including those in Florida, into hiring DPRK nationals as remote IT workers, ultimately funding North Korea’s illicit activities, including weapons programs.

The investigation, which was part of a larger initiative by the Department of Justice, identified over 64 U.S. companies that were deceived by the fraudulent operations. The scheme involved North Korean nationals, who worked remotely for U.S. businesses under false identities, including individuals in Florida. These workers generated over $860,000 in revenue, which was funneled back to North Korea using laundered funds.

“The Department of Justice remains committed to disrupting North Korea’s cyber-enabled sanctions-evading schemes, which seek to trick U.S. companies into funding the North Korean regime’s priorities, including its weapons programs,” said Supervisory Official Devin DeBacker of the Justice Department’s National Security Division.

The defendants—Jin Sung-Il and Pak Jin-Song of North Korea, Pedro Ernesto Alonso De Los Reyes of Mexico, and U.S. nationals Erick Ntekereze Prince and Emanuel Ashtor—were indicted for a range of charges, including conspiracy to commit wire fraud, money laundering, and conspiracy to transfer false identification documents. Notably, Ashtor operated a “laptop farm” in North Carolina, but the investigation also highlights the role of Florida-based businesses and contractors in enabling the fraudulent activities.

The scheme relied on deceptive methods, such as forged identification documents and the installation of remote access software on company laptops, to trick U.S. companies into believing they were hiring legitimate U.S.-based freelance IT workers. Many of these fraudulent workers were located in China, Russia, and other regions, but their operations affected Florida businesses as well.

The indictment follows an ongoing national effort to shut down U.S.-based “laptop farms” that serve as cover for North Korean workers.

The U.S. government, continuing its broader initiative to combat cyber-enabled fraud and sanctions evasion linked to North Korea’s regime, closely monitors and investigates such schemes. In collaboration with the State and Treasury Departments, the FBI issued an advisory in 2022 to alert the international community, private sector, and public about the threat posed by North Korean IT workers. Updated guidance was released in October 2023 by the U.S. and the Republic of Korea (South Korea), and again in May 2024 by the FBI, highlighting indicators of North Korean IT worker fraud and the use of U.S.-based laptop farms. Most recently, the FBI issued additional guidance on the extortion and theft of sensitive company data by North Korean IT workers, along with recommended mitigation strategies.