Feds uncover remote tech workers scheme to benefit North Korea
June 30 (UPI) -- The U.S. Department of Justice on Monday announced a crackdown on North Korea using people to pose as tech workers to earn money and steal sensitive information for the regime.
In two unsealed charging indictments in Massachusetts and Atlanta, schemes were outlined to trick U.S. companies into hiring people who funneled their paychecks to the government and stole sensitive information and cryptocurrency.
The FBI and Justice Department have investigated in 16 states since 2021 with most searches conducted earlier this month. The targeted companies were not announced.
U.S. companies were warned to carefully screen their remote employees to avoid falling victim to similar ruses.
"The FBI will do everything in our power to defend the homeland and protect Americans from being victimized by the North Korean government," Roman Rozhavsky, assistant director of the FBI's Counterintelligence Division, said in a statement.
The phony North Korean workers were assisted by individuals in the United States, China, the United Arab Emirates and Taiwan, DOJ said. They successfully obtained employment with more than 100 U.S. companies, including Fortune 500 ones.
"These schemes target and steal from U.S. companies and are designed to evade sanctions and fund the North Korean regime's illicit programs, including its weapons programs," Assistant Attorney General John A. Eisenberg of the Department's National Security Division said. "The Justice Department, along with our law enforcement, private sector, and international partners, will persistently pursue and dismantle these cyber-enabled revenue generation networks."
DOJ announced searches of 29 known or suspected "laptop farms" across 16 states, and the seizure of 29 financial accounts used to launder illicit funds and 21 fraudulent websites from October 2024 to June.
From June 10-17, the FBI executed searches of 21 premises across 14 states. In total, the FBI seized approximately 137 laptops.
"North Korean IT workers defraud American companies and steal the identities of private citizens, all in support of the North Korean regime," Brett Leatherman, assistant director of the FBI's Cyber Division, said. "That is why the FBI and our partners continue to work together to disrupt infrastructure, seize revenue, indict overseas IT workers and arrest their enablers in the United States. Let the actions announced today serve as a warning: if you host laptop farms for the benefit of North Korean actors, law enforcement will be waiting for you."
Obtained were salary payments, and in some cases, sensitive employer information such as export-controlled U.S. military technology and virtual currency.
In one scheme, they allegedly created front companies and fraudulent websites. They received access to company-provided laptop computers. Obtained were salary payments.
U.S. national Zhenxing "Danny" Wang of New Jersey was arrested in a 50-page, five-count indictment in Massachussets.
The document details a multi-year fraud scheme by Wang and his co-conspirators to obtain remote IT work with U.S. companies that generated more than $5 million in revenue. Several Chinese and Taiwanese nationals were charged but haven't been arrested.
From approximately 2021 until October 2024, the defendants and other co-conspirators compromised the identities of more than 80 U.S. people to obtain remote jobs at more than 100 U.S. companies.
They cost the companies at least $3 million for legal fees, computer network remediation costs, and other damages and losses.
In another scheme, people used false or fraudulently obtained identities to gain employment with an Atlanta-based blockchain research and development company where they stole virtual currency worth approximately $900,000.
The five-count wire fraud and money laundering indictment charged four North Korean nationals. The defendants remain at large and are wanted by the FBI.
These remote works were assisted by individuals in the United States, China, United Arab Emirates and Taiwan.
The U.S. Department of State has offered potential rewards for up to $5 million to disrupt the North Korean illicit financial activities, including for cybercrimes, money laundering and sanctions evasion.
Copyright 2025 UPI News Corporation. All Rights Reserved.
This story was originally published June 30, 2025 at 7:37 PM