US Justice Department charges five in cyber scheme funding North Korea’s nuclear programme
Extradition proceedings are underway for the accused, with the FBI issuing an advisory to raise awareness of North Korean IT worker schemes.
The US Justice Department has taken legal action against five individuals for their involvement in cyber schemes that funnelled funds into North Korea’s nuclear weapons programme, notably a US citizen woman, a Ukrainian man, and three foreign nationals. Allegedly operating between October 2020 and October 2023, these individuals were part of a coordinated campaign orchestrated by the North Korean government to infiltrate the US job markets through fraudulent means, aiming to generate revenue for the North Korean illicit nuclear program.
Among the accused, Christina Marie Chapman and Oleksandr Didenko were arrested in Litchfield Park, Arizona, and Poland, respectively, with extradition proceedings initiated for Didenko’s transfer to the USA. The charges levelled against them include conspiracy to defraud the USA, aggravated identity theft, and a range of financial crimes such as money laundering, wire fraud, identity fraud, and bank fraud. Additionally, three other foreign nationals, identified only by aliases (Jiho Han, Haoran Xu, and Chunji Jin), were also implicated in a conspiracy to commit money laundering.
Chapman and her co-conspirators allegedly engaged in fraudulent activities, including stealing the identities of American citizens to enable foreign individuals to pose as domestic IT workers. Meanwhile, Didenko was involved in managing an online platform called UpWorkSell, which also facilitated North Koreans in using false identities to secure remote IT positions. Didenko is accused of overseeing numerous proxy identities and accounts, as well as operating US-based ‘laptop farms’ to host computers used by North Korean IT workers. The financial transactions associated with these activities amounted to significant sums, with Didenko handling payments totalling $920,000 in US dollars since July 2018.
The impact of their scheme extended to compromising over 60 US identities, affecting more than 300 US companies, and creating false tax liabilities for numerous American citizens. The illicit activities generated at least $6.8 million in revenue for overseas IT workers. In response to these developments, the FBI issued an advisory to provide insights into how North Korean IT workers undermine the security of companies that employ them and offered guidance on identifying North Korean IT worker schemes. Prior to this, the USA had collaborated with international partners to issue warnings about North Korean IT worker schemes and had imposed sanctions on organisations involved in North Korea’s IT worker revenue generation initiatives.