Fourteen North Korean nationals have been accused of using false identities to get IT jobs with US companies and siphon money back to their communist country.
The practice, if proven, is in violation of US sanctions against the restrictive nation.
An indictment filed in a federal court in Missouri alleges that $88m (£70m) was generated for the North Korean government between April 2017 and March 2023.
Some of the revenue was used to support the Democratic People’s Republic of Korea’s (DPRK) weapons programmes, according to government departments including the FBI.
The workers “misrepresent themselves” as foreign or US-based teleworkers, the indictment said.
Ashley T Johnson, special agent in charge of the FBI in St Louis, said the workers stole sensitive information from companies or threatened to leak information in exchange for extortion payments – in addition to accepting wages.
Victims included companies that were defrauded and people whose identities were stolen across the US, Ms Johnson said.
All 14 people face charges including wire fraud, money laundering and identity theft.
Most are believed to be in North Korea, and Ms Johnson acknowledged that bringing them to justice will be difficult.
A $5m (£4m) reward is being offered for information.
The suspects are said to have used “virtual private networks, virtual private servers, third-country IP addresses, proxy accounts and falsified or stolen identification documents”, the indictment said.
It is alleged they “surreptitiously” obtained IT development employment from companies “spanning a range of sectors and industries around the world”.
Some are said to have developed applications and software for their employers and, in some instances, used “privileged access gained through such employment for illicit purposes”.
And it is alleged they enabled “malicious cyber intrusions by other DPRK actors into an employer’s network”.
Read more from Sky News:
Prince Andrew’s ‘close confidant’ barred from entering UK
Centrist Francois Bayrou named as France’s new prime minister
The FBI said the vast majority were operating on behalf of entities “directly involved in the DPRK’s UN-prohibited nuclear and ballistic missile programmes”.
They are also said to be involved in conventional weapons development.
In October 2023, the FBI in St Louis announced the seizure of $1.5m (£1.2m) and 17 domain names as part of the investigation.
Ms Johnson is urging companies to be careful when vetting IT workers hired to work remotely.
“One of the ways to help minimise your risk is to insist that current and future IT workers appear on camera as often as possible if they are fully remote,” she said.
Content Source: news.sky.com