The US Department of Justice on Thursday announced charges against five individuals for their involvement in a North Korean IT worker scheme to funnel hundreds of thousands of dollars to the Pyongyang regime.

The indictment names North Korean nationals Jin Sung-Il and Pak Jin-Song and their facilitators, US nationals Erick Ntekereze Prince and Emanuel Ashtor, and Mexican national Pedro Ernesto Alonso De Los Reyes. The suspects allegedly obtained work from over 64 US companies.

As part of the scheme, which ran from approximately April 2018 through August 2024, the defendants allegedly generated over $866,000 in revenue, laundering most of the funds through a Chinese bank account.

Ashtor, Ntekereze, and Alonso have been arrested. The FBI executed a search warrant at Ashtor’s residence in North Carolina, where he operated a ‘laptop farm’, hosting company-provided laptops so that US companies would believe they hired workers in the country.

To conceal the true identities of Jin, Pak, and other North Koreans, the defendants used forged and stolen identity documents, including US passports. This helped the North Korean nationals circumvent sanctions and other laws and obtain employment at US companies.

Ntekereze and Ashtor received company-provided laptops at their residences and installed remote access software on them, so that the IT workers could access them and perpetuate the deception, the indictment alleges. The defendants also conspired to launder the payments for the remote IT work through various accounts.

According to the US, North Korea dispatched thousands of IT workers in China, Russia, and other countries to deceive businesses worldwide into hiring them as freelance workers.

Using false identities backed by “pseudonymous email, social media, payment platform and online job site accounts, as well as false websites, proxy computers, and witting and unwitting third parties,” these workers generated revenue for the North Korean regime for years, the US says.

Google Cloud’s Mandiant and the FBI warned this week that North Korean fake IT workers are more aggressively extorting their employers in response to law enforcement actions.

Last week, the US Treasury announced sanctions against two individuals and four entities for their involvement in the North Korean fake IT worker scheme.

In December, the US charged 14 North Korean nationals for their involvement in the scheme, estimating that they funneled more than $88 million over six years to the Pyongyang regime. Hundreds of US firms, including cybersecurity companies, are believed to have hired such IT workers.

Related: North Korean Hackers Targeting Freelance Software Developers

Related: US Charges 3 Russians for Operating Cryptocurrency Mixers Used by Cybercriminals

Related: At Second Trial, Ex-CIA Employee Defends Himself in Big Leak

Related: California Law Restricting Companies’ Use of Information From Kids Online Is Halted by Federal Judge