PCMag editors select and review products independently. If you buy through affiliate links, we may earn commissions, which help support our testing.

PCMag UK

US: These 14 North Koreans Posed as Remote IT Workers, Stole $88 Million

The North Koreans allegedly used fake, stolen, or borrowed identities of Americans to trick US employers into hiring them as remote IT workers.

Michael Kan
 & Michael Kan Principal Reporter

Our team tests, rates, and reviews more than 1,500 products each year to help you make better buying decisions and get more from technology.

Our Expert
LOOK INSIDE PC LABS HOW WE TEST
65 EXPERTS
43 YEARS
41,500+ REVIEWS
(Credit: FBI)

The US has identified and exposed 14 North Korean nationals for allegedly posing as remote IT workers to trick employers into hiring them. 

On Thursday, the Justice Department announced it had indicted the North Koreans for using fake, stolen, or borrowed identities from real Americans to help them obtain jobs at US companies and nonprofits since at least 2017. The suspects “generated at least $88 million throughout the approximately six-year conspiracy,” the DOJ says. Their North Korean bosses often ordered them to earn at least $10,000 per month.

The suspects not only worked IT jobs but also stole confidential data, including source code, from their employers, with the goal of financial extortion. The income was then used to fund the North Korean government, which continues to face strict sanctions from the US.

“In some instances, US employers unwittingly employed North Korean IT workers for years and paid them hundreds of thousands of dollars in salary,” the Justice Department says. 

(Credit: FBI)

The indictment shows that the FBI unraveled some of the covert schemes and identified specific perpetrators. Investigators say all 14 suspects worked as staffers or senior leaders for two North Korean companies, Yanbian Silverstar and Volasys Silverstar, which the US already sanctioned. 

Recommended by Our Editors

Google Will Soon Spot Fake Calls on Supported Android Phones
Google Will Soon Spot Fake Calls on Supported Android Phones
Report Cites Misinformation As Key Threat to Election Security, Doesn't Name the Biggest Offenders
Report Cites Misinformation As Key Threat to Election Security, Doesn't Name the Biggest Offenders
Meta's AI Chatbot Allegedly Helped Hackers Hijack Instagram Accounts
Meta's AI Chatbot Allegedly Helped Hackers Hijack Instagram Accounts

According to the 34-page indictment, some of the suspects were ordered in early 2021 to use the stolen personal information from 188 US-based people to pull off the scheme. 

In other instances, real Americans helped the North Koreans dupe their employers. The Justice Department notes that the suspects sometimes paid US-based people to attend job interviews and work meetings using fake aliases. At other times, the North Koreans enlisted US-based accomplices to receive laptops from the employers. “After these laptops were set up, the conspirators instructed the US persons to install software that allowed them to access the laptops from overseas,” the Justice Department says. 

Despite the indictment, the FBI warns that the North Korean government has trained and deployed “thousands of IT workers” to perpetrate the scheme. For example, Yanbian Silverstar and Volasys Silverstar collectively employed at least 130 North Korean IT workers.

As a result, the US is urging employers to fully vet remote employees before hiring them. “One of the ways to help minimize your risk is to insist current and future IT workers appear on camera as often as possible if they are fully remote,” said FBI Special Agent in Charge Ashley Johnson of the St. Louis field office. 

The US is also offering rewards for information about the 14 indicted North Korean nationals who’ve been known to work out of North Korea and China. Rewards will also be given for details about any other covert North Korean IT worker schemes.

About Our Expert

Michael Kan

Michael Kan

Principal Reporter

My Experience

I've been a journalist for over 15 years. I got my start as a schools and cities reporter in Kansas City and joined PCMag in 2017, where I cover satellite internet services, cybersecurity, PC hardware, and more. I'm currently based in San Francisco, but previously spent over five years in China, covering the country's technology sector.

Since 2020, I've covered the launch and explosive growth of SpaceX's Starlink satellite internet service, writing 600+ stories on availability and feature launches, but also the regulatory battles over the expansion of satellite constellations, fights with rival providers like AST SpaceMobile and Amazon, and the effort to expand into satellite-based mobile service. I've combed through FCC filings for the latest news and driven to remote corners of California to test Starlink's cellular service.

I also cover cyber threats, from ransomware gangs to the emergence of AI-based malware. In 2024 and 2025, the FTC forced Avast to pay consumers $16.5 million for secretly harvesting and selling their personal information to third-party clients, as revealed in my joint investigation with Motherboard.

I also cover the PC graphics card market. Pandemic-era shortages led me to camp out in front of a Best Buy to get an RTX 3000. I'm now following how the AI-driven memory shortage is impacting the entire consumer electronics market. I'm always eager to learn more, so please jump in the comments with feedback and send me tips.

The Best Tech I've Had:

  • My first video game console: a Nintendo Famicom
  • I loved my Sega Saturn despite PlayStation's popularity.
  • The iPod Video I received as a gift in college
  • Xbox 360 FTW
  • The Galaxy Nexus was the first smartphone I was proud to own.
  • The PC desktop I built in 2013, which still works to this day.

Read the latest from Michael Kan

Read full bio