The U.S. Department of State's Rewards for Justice (RFJ) program, which is administered by the Diplomatic Security Service, is offering a reward of up to $5 million for information that leads to the disruption of financial mechanisms of persons engaged in certain activities that support the Democratic People's Republic of Korea (DPRK). This includes the exportation of workers from North Korea to generate revenue, money laundering, and certain cyber activity that supports the DPRK's proliferation of weapons of mass destruction.
The Department is seeking information on North Korean information technology (IT) companies Yanbian Silverstar Network Technology Co., Ltd., based in the People's Republic of China (PRC), and Volasys Silverstar, based in Russia. These IT firms engaged in the exportation of North Korean IT workers, managers, and support staff to Yanji in China's Jilin Province and Vladivostok, Russia to generate revenue by deceiving U.S. and other businesses worldwide into hiring them as freelance IT workers. The companies then laundered their ill-gotten gains to benefit the DPRK.
The following individuals have worked in various capacities to direct, manage, or support these DPRK front companies:
- Jong Song Hwa (정성화), CEO of both IT companies
- Kim Ryu Song (김류성), president of Yanbian Silverstar
- Ri Kyong Sik (리경식), president of Volasys Silver Star
- Kim Mu Rim (김무림), senior manager
- Rim Un Chol (림은철), senior manager
- Cho Chung Pom (조충범), mid-level manager
- Hyon Chol Song (현철성), mid-level manager
- Sok Kwang Hyok (석광혁), mid-level manager
- Son Un Chol (손은철), mid-level manager
- Choe Jong Yong (최정용), IT worker
- Jang Chol Myong (장철명), IT worker
- Jong Kyong Chol (정경철), IT worker
- Kim Ye Won (김예원), IT worker
- Ko Chung Sok (고충석), IT worker
From April 2017 to 2023, these individuals and unnamed associates used the stolen, borrowed, and purchased identities of hundreds of U.S. persons to conceal their identities and worked with some 130 DPRK IT workers to generate at least $88 million in illicit revenue for North Korea. They also applied for, and obtained, remote employment as IT workers with U.S. businesses and organizations; registered internet domain names used to host websites designed to trick U.S. employers into thinking IT worker applicants and employees were currently or previously employed by reputable U.S. businesses; and created money transfer service accounts to receive funds from their U.S. employers and remit those funds to DPRK-controlled, PRC-based bank accounts. Conspiring with U.S. persons to purchase laptops or receive laptops from U.S. employers, they also installed remote access programs on them and extorted payments from the employers by threatening to release sensitive information online.
