The U.S. Department of Justice announced on Monday that it had taken several enforcement actions against North Korea’s money-making operations, which rely on undercover remote IT workers inside American tech companies to raise funds for the regime’s nuclear weapons program, as well as to steal data and cryptocurrency.
As part of the DOJ’s multi-state effort, the government announced the arrest and indictment of U.S. national Zhenxing “Danny” Wang, who allegedly ran a years-long fraud scheme from New Jersey to sneak remote North Korean IT workers inside U.S. tech companies. According to the indictment, the scheme generated more than $5 million in revenue for the North Korean regime.
Wang is accused of conspiracy to commit wire fraud, money laundering, and identity theft.
The feds also indicted eight more people who participated in the scheme: six Chinese nationals and two Taiwanese citizens, who are accused of conspiring to commit wire fraud, money laundering, identity theft, hacking, and to violate sanctions.
“Thousands of North Korean cyber operatives have been trained and deployed by the regime to blend into the global digital workforce and systematically target U.S. companies,” Leah B. Foley, U.S. Attorney for the District of Massachusetts, was quoted as saying.
From 2021 until 2024, the co-conspirators allegedly impersonated more than 80 U.S. individuals to get remote jobs at more than 100 American companies, causing $3 million in damages due to legal fees, data breach remediation efforts, and more.
The group is said to have run laptop farms inside the United States, which the North Korean IT workers could essentially use as proxies to hide their provenance, according to the DOJ. At times, they used hardware devices known as keyboard-video-mouse (KVM) switches, which allow one person to control multiple computers from a single keyboard and mouse. The group allegedly also ran shell companies inside the U.S. to make it seem like the North Korean IT workers were affiliated with legitimate local companies, and to receive money that would then be transferred abroad, the DOJ said.
The fraudulent scheme allegedly also involved the North Korean workers stealing sensitive data, such as source code, from the companies they were working for, such as from an unnamed California-based defense contractor “that develops artificial intelligence-powered equipment and technologies.”
The DOJ said the FBI carried out searches earlier in June on 21 locations across 14 states, which were allegedly hosting laptop farms used by the North Korean scheme. The FBI seized 137 laptops as a result of the raids.
The feds also said they seized at least 21 web domains, 29 financial accounts used to launder tens of thousands of dollars, and more than 70 laptops and remote access devices, including KVMs.
Five North Korean nationals were indicted for wire fraud and money laundering after they stole more than $900,000 in crypto from two unnamed companies, thanks to their use of fake or stolen identities, the DOJ said.
