The United States Department of Justice announced on Monday a nationwide operation targeting fraudulent IT worker schemes that have been secretly funding the North Korean government.
These schemes involve North Korean nationals obtaining remote IT jobs at U.S. companies by using false or stolen identities. Over the past six years, they are believed to have generated more than $88 million.
Hundreds of American companies were reportedly tricked into employing these individuals. U.S. citizens allegedly helped conceal their real identities by running "laptop farms," which allowed the workers to appear as though they were operating from within the United States.
The Department of Justice coordinated actions in 16 states, including searches at 29 known or suspected laptop farm locations. Authorities seized 29 financial accounts connected to the laundering of illegal profits, took down 21 websites, made one arrest, and issued two indictments.
Court documents revealed that individuals based in the U.S., China, the United Arab Emirates, and Taiwan played roles in helping North Korean operatives get hired by more than 100 American companies. This was done through front companies, fake websites, and by hosting laptop farms.
In addition to receiving salaries, the North Korean IT workers gained access to sensitive information, including U.S. military technology regulated under export control laws, as well as cryptocurrency.
In one case, North Korean operatives infiltrated a blockchain research firm based in Atlanta, Georgia, and stole over $900,000 in cryptocurrency. The DOJ announced the arrest of Zhenxing “Danny” Wang, a U.S. citizen from New Jersey. He is accused of playing a key role in a fraud operation that used more than 80 stolen identities to generate over $5 million. The scheme affected more than 100 American companies, including several from the Fortune 500 list.
The investigation also uncovered that the operatives accessed restricted data governed by the International Traffic in Arms Regulations (ITAR). A co-conspirator based overseas stole information labeled as controlled under ITAR from a defense contractor in California.
In connection to the broader scheme, several foreign nationals were indicted, including Chinese citizens Jing Bin Huang, Baoyu Zhou, Tong Yuze, Yongzhe Xu, Ziyou Yuan, and Zhenbang Zhou, along with Taiwanese nationals Mengting Liu and Enchia Liu. Authorities seized an additional 17 domains and 29 financial accounts containing tens of thousands of dollars.
Another indictment was issued against four North Korean nationals Kim Kwang Jin, Kang Tae Bok, Jong Pong Ju, and Chang Nam Il for stealing over $900,000 in digital assets. These funds were taken from the Atlanta-based blockchain company and a virtual token firm in Serbia.
After being hired, Kim and Jong were assigned positions that gave them access to virtual currency systems. Between February and March 2022, they stole $175,000 and $740,000 from their employers. The stolen funds were then laundered using the cryptocurrency mixing service Tornado Cash.
Earlier in June, the FBI conducted searches at 21 sites across 14 states. These operations led to the seizure of approximately 137 laptops believed to have been used in the North Korean remote work schemes.
Microsoft reported on Monday that it had suspended 3,000 Microsoft consumer accounts linked to North Korean IT operatives. The company stated that these workers used artificial intelligence and local enablers to hide their identities and secure jobs. Microsoft is tracking this activity under the name Jasper Sleet.
John Hultquist, Chief Analyst at Google’s Threat Intelligence Group, commented in an email that most major U.S. companies have already been affected by these scams. He called it an ongoing epidemic.
He also praised law enforcement efforts, especially those targeting the facilitators who act as intermediaries for North Korean workers. Without their involvement, such schemes would be far more difficult to carry out. However, he emphasized the need for companies to review and strengthen their hiring practices, noting that careful screening often helps uncover fraudulent activity.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
