U.S. DoJ Announces Nationwide Actions to Combat North Korean Remote IT Workers
The U.S. Department of Justice announced coordinated nationwide law enforcement actions on June 30, 2025, targeting North Korean remote information technology workers’ illicit revenue generation schemes that have defrauded American companies and funded the DPRK’s weapons programs.
Summary
1. The U.S. DoJ conducted coordinated enforcement across 16 states on June 30, 2025, targeting North Korean remote IT workers funding DPRK weapons programs.
2. The operation resulted in 29 financial account seizures, 21 website takedowns, 200 computer seizures, and searches at 29 "laptop farms."
3. North Korean operatives infiltrated 100+ U.S. companies, generating $5+ million illicitly while causing $3+ million in damages.
4. Schemes involved stealing classified defense data under ITAR regulations and $900,000+ in cryptocurrency theft from blockchain companies.
The comprehensive enforcement action spanned 16 states, resulting in two federal indictments, one arrest, and the seizure of 29 financial accounts containing tens of thousands of dollars, 21 fraudulent websites, and approximately 200 computers.
Federal agents executed searches at 29 known or suspected “laptop farms” where North Korean IT workers remotely accessed U.S. company-provided equipment using KVM (Keyboard-Video-Mouse) switches and other remote access devices.
Massive North Korean IT Worker Scheme
According to court documents, the schemes involved North Korean individuals fraudulently obtaining employment with more than 100 U.S. companies using stolen and fake identities, with assistance from accomplices in the United States, China, the United Arab Emirates, and Taiwan.
The operation successfully infiltrated numerous Fortune 500 companies, generating over $5 million in illicit revenue while causing victim companies at least $3 million in damages, including legal fees and network remediation costs.
The North Korean operatives demonstrated advanced technical capabilities, gaining access to sensitive employer data, including ITAR (International Traffic in Arms Regulations) controlled information from a California-based defense contractor developing AI-powered military technologies.
Between January and April 2024, overseas conspirators remotely accessed the defense contractor’s systems without authorization, stealing classified technical data marked under ITAR export control regulations.
In a separate blockchain-focused scheme, four North Korean nationals working from the United Arab Emirates used fraudulent identities to infiltrate an Atlanta-based blockchain research and development company.
The defendants, Kim Kwang Jin, Jong Pong Ju, Chang Nam Il, and Kang Tae Bok, stole virtual currency worth over $900,000 by modifying smart contract source code and laundering the proceeds through Tornado Cash, a cryptocurrency mixer service.
$5M Reward for Info on North Korea’s Illicit Actions
These actions represent the latest phase of the Justice Department’s DPRK RevGen: Domestic Enabler Initiative, a joint effort between the National Security Division and the FBI’s Cyber and Counterintelligence Divisions specifically targeting North Korean revenue generation schemes.
The initiative has previously resulted in civil forfeiture actions, including a June 2025 complaint for over $7.74 million tied to illegal employment schemes.
Assistant Director Brett Leatherman of the FBI’s Cyber Division emphasized the persistent threat, stating that North Korean IT workers can individually earn up to $300,000 annually, collectively generating hundreds of millions of dollars for designated entities, including the North Korean Ministry of Defense.
The Department of State has offered rewards up to $5 million for information supporting efforts to disrupt DPRK’s illicit financial activities, including cybercrimes and sanctions evasion.