US Government Takes Down Major North Korean 'Remote IT Workers' Operation
The U.S. Department of Justice announced on Monday that it had taken significant enforcement actions against North Korea's money-making operations, which rely on undercover remote IT workers inside American tech companies to raise funds for the regime's nuclear weapons program, as well as to steal data and cryptocurrency.
As part of a multi-state effort, the government announced the arrest and indictment of U.S. national Zhenxing "Danny" Wang, who allegedly ran a years-long fraud scheme from New Jersey to sneak remote North Korean IT workers into U.S. tech companies.
The indictment alleges that Wang's scheme generated more than $5 million in revenue for the North Korean regime, making it one of the largest such operations ever taken down by U.S. authorities.
Wang and Co-Conspirators Indicted
Wang is accused of conspiracy to commit wire fraud, money laundering, and identity theft.
The feds also indicted eight more people who participated in the scheme: six Chinese nationals and two Taiwanese citizens, who are accused of conspiring to commit wire fraud, money laundering, identity theft, and hacking, and to violate sanctions.
A Years-Long Scheme
According to the indictment, the co-conspirators allegedly impersonated more than 80 U.S. individuals to get remote jobs at more than 100 American companies, causing $3 million in damages due to legal fees, data breach remediation efforts, and more.
The group is said to have run laptop farms inside the United States, which the North Korean IT workers could essentially use as proxies to hide their provenance, according to the DOJ.
Using Hardware Devices to Anonymize Provenance
At times, they used hardware devices known as keyboard-video-mouse (KVM) switches, which allow one person to control multiple computers from a single keyboard and mouse.
The group allegedly also ran shell companies inside the U.S. to make it seem like the North Korean IT workers were affiliated with legitimate local companies, and to receive money that would then be transferred abroad, the DOJ said.
Stealing Sensitive Data
The fraudulent scheme allegedly involved the North Korean workers stealing sensitive data, such as source code, from the companies they were working for, including an unnamed California-based defense contractor "that develops artificial intelligence-powered equipment and technologies."
FBI Raids and Seizures
The FBI carried out searches earlier in June on 21 locations across 14 states, which were allegedly hosting laptop farms used by the North Korean scheme.
The FBI seized 137 laptops as a result of the raids.
Seizing Assets and Crypto
The feds also said they seized at least 21 web domains, 29 financial accounts used to launder tens of thousands of dollars, and more than 70 laptops and remote access devices, including KVMs.
Five North Korean Nationals Indicted for Wire Fraud and Money Laundering
Five North Korean nationals were indicted for wire fraud and money laundering after they used fake or stolen identities to steal more than $900,000 in crypto from two unnamed companies, the DOJ said.
A Threat to National Security
"Thousands of North Korean cyber operatives have been trained and deployed by the regime to blend into the global digital workforce and systematically target U.S. companies," Leah B. Foley, U.S. Attorney for the District of Massachusetts, was quoted as saying.
From 2021 until 2024, the co-conspirators allegedly impersonated more than 80 U.S. individuals to get remote jobs at more than 100 American companies, causing $3 million in damages due to legal fees, data breach remediation efforts, and more.