The US Department of Justice is taking down five criminals responsible for a remote worker scam that lasted multiple years.

A remote worker scam is complex but occurs when another country releases waves of fake IT specialists with forged credentials. These fake specialists pose as freelancers and integrate themselves into the IT departments of companies and government agencies.

In this case, two US nationals also helped the scammers. Erick Ntekereze Prince and Emanuel Ashtor were arrested after authorities discovered they were running laptop farms full of laptops given to them by the victim companies. These computers were used as proxies by the scammers to make it appear as if they were working from within the US.

They were also said to have installed remote access software on the victim companies’ computers so other scammers could pose as the workers without raising alarms.

North Korean nationals Jin Sung-Il and Pak Jin-Song, and Mexican national Pedro Ernesto Alonso De Los Reyes were also named and indicted by the DoJ. Alonso was caught and arrested in the Netherlands. There is also a large pool of unindicted co-conspirators.

“The DPRK has dispatched thousands of skilled IT workers to live abroad, primarily in China and Russia, with the aim of deceiving US and other businesses worldwide into hiring them as freelance IT workers,” the DoJ writes.

The suspects allegedly used the stolen money to fund North Korea’s national weapons program. Altogether they stole $866,255 during a campaign that ran from April 2018 to August 2020. The hacking campaign targeted at least 64 US companies before it was brought down.

The DoJ also notes that North Korean hackers have been known to make up to $300,000 a year from these remote worker scams. That money is then funneled back to the North Korean government.

In this scam, the hackers laundered their stolen money through a Chinese bank account before sending it back to Korea.

All five of the suspects face up to 20 years in prison for a variety of charges, including wire and mail fraud, money laundering, damaging a protected computer, and transferring false identification documents.