July 2, 2025
SEOUL – North Korean tech workers stole the identities of more than 80 US citizens to illegally obtain remote jobs at over 100 American companies — including many Fortune 500 firms — and stole sensitive information such as US military technology, according to the US Justice Department.
The department said Monday that the orchestrated operation was part of a broader effort by the Kim Jong-un regime to funnel illicit revenue through fake employment, with help from enablers in the US, China, the United Arab Emirates and Taiwan.
The Justice Department disclosed two indictments along with the outcome of sweeping investigations: the arrest of US national Zhenxing “Danny” Wang of New Jersey and searches of 29 known or suspected “laptop farms” across 16 US states. Laptop farms are physical locations where multiple devices are maintained and operated to create the illusion that remote workers are based in a specific geographic location.
The department said investigators also seized 29 financial accounts holding tens of thousands of dollars, which were used to launder revenue for the North Korean regime through the remote information technology work scheme.
According to one indictment, North Korean IT workers and overseas co-conspirator facilitators based in New Jersey, New York, California and abroad perpetrated a coordinated multiyear fraud scheme that generated over $5 million by obtaining remote IT jobs at US companies.
“While some North Korean IT workers operate from cities inside North Korea, many work in China in cities near the North Korean border, including Dandong and Shenyang,” the indictment read.
“The conspiracy perpetuated a massive fraud that impacts US companies in multiple industries across much of the United States, including Massachusetts, California, New York, New Jersey, Florida, New Mexico, Georgia, Maryland, Alabama, North Carolina, Illinois, Ohio, South Carolina, Michigan, Texas, Indiana, Arkansas, Missouri, Tennessee, Minnesota, Rhode Island, Wisconsin, Oregon, Pennsylvania, Washington, Utah, Colorado and the District of Columbia,” the indictment added.
A photo extracted by The Korea Herald from a US federal indictment released by the Justice Department on Monday shows a stolen US citizen’s ID allegedly used by an unidentified overseas co-conspirator to apply for a position at an unnamed US company. PHOTO: US DEPARTMENT OF JUSTICE/THE KOREA HERALD
From around 2021 to October 2024, North Korean IT workers and their co-conspirators compromised the identities of more than 80 US citizens to obtain remote jobs at over 100 companies, including many Fortune 500 firms. Their actions caused the related companies to incur at least $3 million in legal fees, network remediation costs and other damages.
Once hired, the North Korean IT workers received regular salaries and, in some cases, accessed or stole sensitive company information, including export-controlled US military technology.
For instance, North Korean IT workers employed under the illegal scheme also gained access to sensitive employer data and source code from a California-based defense contractor that develops artificial intelligence-powered equipment and technologies.
According to the indictment, a North Korean worker remotely accessed the company’s laptop and computer files without authorization between Jan. 19 and April 2, 2024.
The sensitive documents and files — many of which related to US military technology controlled under the US State Department’s International Traffic in Arms Regulations — were compromised.
Another indictment revealed that North Korean IT workers used false or fraudulently obtained identities to seek employment with a blockchain research and development company in Atlanta and a virtual token company based in Serbia.
Four North Korean nationals — Kim Kwang-jin, Kang Tae-bok, Jong Pong-ju and Chang Nam-il — were charged with stealing virtual currency worth over $900,000 from the two companies and laundering the proceeds.
According to the indictment, the defendants, who are still at large and wanted by the FBI, traveled to the UAE using North Korean travel passports and worked as a co-located team.
“The threat posed by DPRK operatives is both real and immediate,” Leah Foley, US attorney for the District of Massachusetts, said Monday, referring to North Korea by the acronym of its official name. “Thousands of North Korean cyber operatives have been trained and deployed by the regime to blend into the global digital workforce and systematically target US companies.”
dagyumji@heraldcorp.com