
North Korean Cyber Operatives Target U.S. Companies in Elaborate Fraud Scheme

Federal authorities have exposed an extensive operation by the Democratic People's Republic of Korea (DPRK, North Korea) that infiltrated major U.S. corporations through remote information technology work. The investigation has so far produced two indictments, seizures of laptops, web domains and financial accounts, and the arrest of a key suspect.

The Department of Justice disclosed on Monday that North Korean actors, in collaboration with individuals based in the United States, China, the United Arab Emirates, and Taiwan, managed to secure employment with over 100 U.S. companies, including several Fortune 500 firms.

Exposing the Schemes

One scheme involved U.S.-based individuals creating false companies and fraudulent websites designed to lend credibility to the remote workers. They also operated laptop farms: company-issued laptops were kept at U.S. addresses and connected so that North Korean IT workers could operate them remotely while appearing to the employer to be working from inside the United States.

In another instance, North Korean IT workers used false identities to obtain positions with a blockchain research and development company in Atlanta, Georgia, and then used that insider access to steal more than $900,000 in virtual currency.

Government Officials Weigh In

According to Assistant Attorney General John A. Eisenberg of the DOJ’s National Security Division, these schemes are targeted efforts to defraud U.S. companies, evade sanctions, and generate funds for North Korea’s unlawful activities, including its weapons programs.

Assistant Director Roman Rozhavsky of the FBI Counterintelligence Division emphasized the government’s commitment to countering these efforts. He stated that North Korean IT operatives masquerading as U.S. citizens exploit employment opportunities to divert hundreds of millions of dollars to the North Korean regime.

Details of the Indictments

The recent indictment unsealed by the DOJ includes five counts against Zhenxing Wang, an individual residing in New Jersey, who has been apprehended.

Wang, along with co-conspirators, allegedly procured remote IT work opportunities with U.S. firms and generated revenues exceeding $5 million.

Notably charged alongside Wang are several Chinese nationals including Jing Bin Huang, Baoyu Zhou, Tong Yuze, Yongzhe Xu, Ziyou Yuan, and Zhenbang Zhou. Taiwanese nationals Mengting Liu and Enchia Liu also face indictments.

Additionally, U.S. national Kejia “Tony” Wang of New Jersey has been separately indicted.

Ongoing Cyber Threat

U.S. Attorney Leah B. Foley for the District of Massachusetts highlighted the pressing danger posed by North Korean operatives, saying that thousands of them have been trained to blend into the global workforce and systematically target American businesses.

The indictment alleges that from 2021 through much of 2024, the defendants and their conspirators stole or misused the identities of more than 80 U.S. persons to secure remote jobs at more than 100 companies. The victim companies incurred damages, legal fees, and other costs amounting to at least $3 million.

Wang and others reportedly assisted the overseas IT workers with many facets of the schemes. They had the laptops issued by U.S. companies shipped directly to their own homes, where they set the devices up so that the overseas IT workers could access them remotely.
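The laptop-farm pattern described above and in the earlier section (many company-issued laptops, each assigned to a different "employee", physically co-located at one facilitator's home and operated remotely) leaves a simple footprint in endpoint-management or VPN telemetry: devices belonging to several distinct users all check in from the same residential egress address. The following is an added detection example, not code from the article or from any agency named in it. The check-in records, the 24-hour window, the three-user threshold and the "known corporate egress" list are all constructed assumptions for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample telemetry (not real data): one check-in per line as
# timestamp,device_id,assigned_user,public_source_ip.
# Four different employees' laptops appear behind 203.0.113.7 within minutes.
SAMPLE_CHECKINS = """\
2024-03-04T09:01:12Z,LT-0419,alice.m,203.0.113.7
2024-03-04T09:03:48Z,LT-0520,bob.k,203.0.113.7
2024-03-04T09:05:30Z,LT-0611,carol.s,203.0.113.7
2024-03-04T09:06:02Z,LT-0702,dan.r,203.0.113.7
2024-03-04T09:10:00Z,LT-0803,erin.t,198.51.100.20
2024-03-04T09:12:00Z,LT-0904,frank.w,198.51.100.20
2024-03-04T12:00:00Z,LT-1005,gina.v,192.0.2.9
"""

# Assumption: office NAT addresses where many users legitimately share one IP.
CORPORATE_EGRESS = {"198.51.100.20"}


@dataclass(frozen=True)
class Checkin:
    ts: datetime
    device: str
    user: str
    ip: str


def parse_checkins(text: str) -> list[Checkin]:
    """Parse the CSV-style check-in lines into Checkin records sorted by time."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, device, user, ip = line.split(",")
        # Accept the trailing 'Z' that many exporters emit for UTC.
        when = datetime.fromisoformat(ts.replace("Z", "+00:00"))
        records.append(Checkin(when, device, user, ip))
    return sorted(records, key=lambda r: r.ts)


def find_colocated_devices(checkins, min_users=3, window=timedelta(hours=24),
                           known_egress=CORPORATE_EGRESS):
    """Return {ip: {"users": [...], "devices": [...]}} for every non-corporate
    source IP from which at least `min_users` distinct users' devices checked
    in within one `window`. Shared office egress is excluded because many
    users behind one NAT is expected there."""
    by_ip = defaultdict(list)
    for rec in checkins:
        if rec.ip not in known_egress:
            by_ip[rec.ip].append(rec)

    findings = {}
    for ip, recs in by_ip.items():  # recs already time-sorted
        for i, start in enumerate(recs):
            in_window = [r for r in recs[i:] if r.ts - start.ts <= window]
            users = {r.user for r in in_window}
            if len(users) >= min_users:
                findings[ip] = {
                    "users": sorted(users),
                    "devices": sorted({r.device for r in in_window}),
                }
                break  # one finding per IP is enough to raise an alert
    return findings


if __name__ == "__main__":
    for ip, hit in find_colocated_devices(parse_checkins(SAMPLE_CHECKINS)).items():
        print(f"possible laptop farm at {ip}: {len(hit['users'])} users, "
              f"devices {', '.join(hit['devices'])}")
```

In practice the same logic runs over MDM, EDR or VPN concentrator logs rather than a literal string, and the threshold should be tuned against the organisation's own baseline (shared coworking spaces and family members at one company will also trigger it). The alert is a lead for the HR and security teams to compare the egress location with each worker's stated address and the laptop's original shipping address, not a conclusion on its own.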

Creating a Facade of Legitimacy

Wang and his co-conspirators established shell companies and websites meant to simulate legitimate business affiliations for the overseas IT workers. This fraudulent set-up allowed them to receive payments from U.S. firms, subsequently transferring the funds to co-conspirators abroad.

In compensation for their services, the U.S.-based facilitators reportedly received at least $696,000 from the IT workers.

The DOJ stated that one of the companies accessed was a defense contractor developing artificial intelligence-driven technology, and that through it the defendants gained access to sensitive data controlled under the International Traffic in Arms Regulations (ITAR).

Seizures and Further Investigations

The DOJ announced that the FBI and Defense Criminal Investigative Service seized 17 web domains associated with the fraudulent operations and 29 financial accounts holding tens of thousands of dollars. These accounts were allegedly used to launder money for the North Korean regime.

Furthermore, a separate indictment charged four North Korean nationals: Kim Kwang Jin, Kang Tae Bok, Jong Pong Ju, and Chang Nam Il. They are accused of scheming to steal virtual currency valued at over $900,000 and laundering the proceeds.

The Continuing Pursuit of Justice

All four suspects remain at large and are wanted by the FBI. U.S. Attorney Theodore S. Hertzberg for the Northern District of Georgia noted that the defendants employed fake identities to hide their true origins, stealing substantial amounts from unsuspecting employers.

The indictment emphasizes the unique threat posed by North Korean operatives in the realm of remote IT employment and underscores the DOJ’s commitment to prosecute both domestic and international actors involved in these fraudulent activities.

The indictment alleges that the defendants used North Korean travel documents to travel to the United Arab Emirates, where they operated as a co-located team. Kim Kwang Jin and Jong Pong Ju were reportedly employed by a blockchain and virtual token company under false identities.

As the investigation proceeded, the FBI conducted extensive searches across 14 states targeting known laptop farms, leading to the seizure of 137 laptops.

Looking Ahead

The unfolding events highlight the escalating threat from North Korean operatives posing as remote IT workers. Businesses that hire remotely should treat the details of this case as a checklist: confirm that the address a company laptop ships to matches the worker's verified identity and location, watch for remote-access tooling installed on newly issued devices, and question several "employees" whose machines all connect from the same place. Law enforcement agencies continue to pursue both the domestic facilitators and the overseas actors behind these schemes.