US seeks information about North Korean scheme to secure IT work with US firms

By Thomson Reuters May 16, 2024 | 10:35 AM

WASHINGTON (Reuters) – The United States said on Thursday it is seeking information about three North Korean workers linked to the Communist country’s Munitions Industry Department and an American accomplice involved in a scheme to secure illicit work with U.S. firms and government agencies.

The State Department said in a statement that the scheme involved using false identities belonging to more than 60 real Americans and generated at least $6.8 million for North Korea. It said it is offering a reward of up to $5 million for information about the individuals.

The State Department said that from about October 2020 until October 2023, a U.S. national, Christina Chapman, assisted three North Koreans to get work as remote software and applications developers with companies in a range of sectors and industries.

It said the North Koreans were linked to North Korea’s Munitions Industry Department, which oversees development of the country’s ballistic missiles, weapons production, and research and development programs, and had also attempted, but failed, to gain similar employment at two U.S. government agencies.

A State Department statement did not name the agencies or the companies, but said it was seeking more information about the three – who used the aliases Jiho Han, Chunji Jin, and Haoran Xu – and their manager, whom it identified by the single name Zhonghua, as well as Chapman.

The State Department said it was offering a reward of up to $5 million “for information that leads to the disruption of financial mechanisms of persons engaged in certain activities that support the Democratic People’s Republic of Korea (DPRK),” and included a link to the department’s Rewards for Justice website .

“Such activities include money laundering that supports the Government of North Korea or any senior official or person acting for or on behalf of that government,” it said.

North Korea is under U.N. sanctions aimed at cutting funding for its ballistic missile and nuclear weapons programs and experts say it has sought to generate income illicitly, including through IT workers.

The State Department said Chapman helped the North Koreans acquire valid identities of real U.S. citizens.

She “received and hosted laptop computers issued to the IT workers by U.S. employers to make it appear that the overseas workers were located in the United States and assisted the workers in connecting remotely to the U.S. companies’ IT networks on a daily basis,” it said.

Chapman also helped launder the proceeds by receiving, processing and distributing paychecks from the U.S. firms to the IT workers and others, the statement said. It gave no details about her identity.

Confidential research work by a now-disbanded U.N. sanctions monitoring panel seen by Reuters on Tuesday showed they had been investigating 97 suspected North Korean cyberattacks on cryptocurrency companies between 2017 and 2024, valued at some $3.6 billion.

The U.N. sanctions monitors were disbanded at the end of April after Russia vetoed renewal of their mandate.

A research report from a Washington think tank in April said North Korean animators may have helped create popular television cartoons for big Western firms despite international sanctions.

(Reporting by David Brunnstrom; Editing by Don Durfee and Leslie Adler)