The Department of Justice (DoJ) announced coordinated, nationwide actions on Monday to disrupt the Democratic People’s Republic of North Korea (DPRK) government’s schemes that placed North Korean individuals in remote IT jobs for U.S. companies under false identities.
These actions include the seizure of 29 financial accounts used to launder illicit funds and 21 fake websites, searches of 29 known or suspected “laptop farms” across 16 states, two indictments, and the arrest of an alleged U.S. facilitator.
According to the DoJ, the North Korean actors successfully obtained employment with over 100 U.S. companies and were assisted by individuals in the United States, China, United Arab Emirates, and Taiwan.
“These schemes target and steal from U.S. companies and are designed to evade sanctions and fund the North Korean regime’s illicit programs, including its weapons programs,” Assistant Attorney General John Eisenberg, the head of the Justice Department’s National Security Division, said in a press release.
“The Justice Department, along with our law enforcement, private sector, and international partners, will persistently pursue and dismantle these cyber-enabled revenue generation networks,” Eisenberg said.
The United States Attorney’s Office for the District of Massachusetts and the National Security Division announced the arrest of U.S. national Zhenxing “Danny” Wang of New Jersey. The indictment says Wang and his co-conspirators were able obtain remote IT work with U.S. companies that generated over $5 million in revenue.
The indictment explains that the defendants and other co-conspirators compromised the identities of more than 80 U.S. individuals to obtain remote jobs at over 100 U.S. companies from 2021 until October 2024. Many of these companies were Fortune 500 companies.
In separate charges, the U.S. Attorney’s Office for the Northern District of Georgia unsealed a five-count wire fraud and money laundering indictment charging four North Korean nationals. According to the DoJ, those individuals stole virtual currency from two companies – valued at over $900,000 at the time of the thefts – and laundered the proceeds of those thefts. Those defendants are still at large and wanted by the FBI.
Additionally, DoJ said that from June 10 to June 17 the FBI executed searches of 21 premises across 14 states hosting known and suspected “laptop farms.” Laptop farms refer to a collection of computers that are located in one place but controlled remotely, allowing operators to hide their actual location.
In total, the DoJ said that the FBI seized approximately 137 laptops.
“North Korean IT workers defraud American companies and steal the identities of private citizens, all in support of the North Korean regime,” said Assistant Director Brett Leatherman of the FBI’s Cyber Division. “That is why the FBI and our partners continue to work together to disrupt infrastructure, seize revenue, indict overseas IT workers, and arrest their enablers in the United States.”
“Let the actions announced today serve as a warning: if you host laptop farms for the benefit of North Korean actors, law enforcement will be waiting for you,” Leatherman said.