North Korean information technology professionals working remotely as freelancers in the United States sent millions of dollars from their salaries to support North Korea’s ballistic missile program over several years. Officials from the FBI and the United States Department of Justice described the scheme, revealing it through investigative reporting by the Associated Press. The pattern shows a coordinated effort that combined software skills with calculated methods to funnel funds to a military program abroad, all while operating under a veil of legitimate employment.
People involved worked on long-term remote contracts with companies based in St. Louis and other American cities. They often presented convincing professional profiles and used fabricated backgrounds and documents to land roles that allowed them to stay connected to overseas payroll streams. Their strategy relied on the appearance of normal business activity, including the use of American financial infrastructures and payment channels, to move money without triggering immediate alarms. This approach gave the impression that work was being performed in the United States, even as the true objective was to route earnings back to North Korea for missiles and related programs.
FBI Special Agent Jay Greenberg outlined several techniques used by these IT professionals to sustain the illusion of domestic employment. Among the tactics was the arrangement of payments to individuals who would provide at-home Wi‑Fi access or otherwise facilitate the transmission of funds, exploiting ordinary household networks to conceal unusual financial movements. The agents emphasized that these were not isolated incidents but part of a broader operation designed to exploit trusted routines in American business and household settings.
Authorities noted that the breach occurred in a period when security measures and military exercises between the United States and South Korea were being conducted. The attempts to interfere with those exercises illustrate a wider objective: to disrupt military readiness and to gain leverage through cyber-enabled pressure. The revelations underscore the vulnerability of cross-border employment arrangements when workers are willing to use their positions to assist state-backed programs rather than their own employers, a dynamic that adds urgency to ongoing financial and digital safeguards.
Earlier reporting has described North Korean citizens forging resumes and profiles to target international firms, with some focusing on cryptocurrency theft and other financial exploits. The combined impact of such activities raises concerns about the integrity of remote work ecosystems, the resilience of payroll and contractor networks, and the potential for lawful channels to be diverted toward illicit ends. Investigations continue to map the full extent of these operations and to identify vulnerabilities that could be exploited in the future for similar purposes. Attribution remains a key element in these efforts, helping to connect individual actors to broader state-sponsored activities and to inform enforcement and policy responses. The evolving nature of the threat has prompted agencies to enhance monitoring, risk assessments, and international cooperation to deter misuse of remote work arrangements and to protect critical security interests. (AP) (FBI & DOJ)