U.S. DOJ Cracks Down on North Korean Remote IT Workforce Operating Illegally

The U.S. Department of Justice (DOJ) has announced a major crackdown on North Korea’s covert use of remote information technology (IT) workers to siphon millions from American companies and fund its weapons programs.

The coordinated law enforcement actions, resulted in the arrest of a New Jersey man, the seizure of 29 financial accounts, 21 fraudulent websites, and the search of 29 suspected “laptop farms” across 16 states.

Sophisticated Fraud Uncovered

According to court documents, North Korean operatives—often with the aid of accomplices in the U.S., China, the UAE, and Taiwan—fraudulently secured remote IT jobs at over 100 U.S. companies by using stolen or fake identities.

These workers, posing as U.S. citizens, infiltrated even Fortune 500 firms, gaining access to sensitive data, including export-controlled U.S. military technology and proprietary business information. 

In one case, North Korean IT workers stole more than $900,000 in virtual currency from a blockchain research company in Georgia.

The DOJ’s investigation revealed that U.S.-based facilitators played a crucial role in the scheme.

They established shell companies, hosted fraudulent websites, and operated “laptop farms”—locations where company-issued laptops were set up to allow North Korean workers to remotely access U.S. corporate systems.

These facilitators received significant payments for their services, with at least $696,000 traced to their accounts.

Zhenxing “Danny” Wang of New Jersey was arrested following a five-count indictment alleging his involvement in a multi-year fraud that generated over $5 million in illicit revenue.

Several Chinese and Taiwanese nationals were also charged, along with another U.S. resident, Kejia Wang, who remains at large. 

In a separate indictment in Georgia, four North Korean nationals were charged with wire fraud and money laundering related to the theft of virtual currency.

Officials warn that these schemes are not isolated incidents but part of a persistent campaign by North Korea to evade sanctions and finance its regime, including its weapons development.

“Thousands of North Korean cyber operatives have been trained and deployed by the regime to blend into the global digital workforce and systematically target U.S. companies,” said U.S. Attorney Leah B. Foley for the District of Massachusetts.

The DOJ’s actions are the latest in a series of efforts under the “DPRK RevGen: Domestic Enabler Initiative,” which targets illicit North Korean revenue generation and its U.S.-based enablers.

Authorities urge all U.S. companies employing remote workers to remain vigilant against such sophisticated threats.

Find this News Interesting! Follow us on Google News, LinkedIn, and X to Get Instant Updates