Hundreds of laptops, bank accounts linked to North Korean fake IT workers scheme seized in major crackdown
North Korean operatives worked with individuals in the US, China, United Arab Emirates and Taiwan to successfully obtain employment with more than 100 US companies.
The Justice Department on Monday announced the seizure of hundreds of financial accounts, fraudulent websites and laptops linked to a massive scheme by North Korean operatives posing as remote workers to infiltrate top tech companies and funnel money back to Pyongyang’s weapons program.
The major government crackdown follows recent findings by cybersecurity experts revealing that several Fortune 500 firms were impacted by the intricate plot, which involves North Korean operatives using stolen identities and sophisticated AI tools to sail through the interview and hiring process. The cyber operation has grown more prolific as remote work in the U.S. has exploded, particularly in response to the Covid-19 pandemic.
According to the DOJ, around 100 U.S. companies have unknowingly hired workers tied to the North Korean regime, who have also used their access to company systems to steal U.S. intellectual property and virtual currency.
One company targeted was an unnamed California-based defense contractor that worked on artificial intelligence-powered equipment. Some of its technical data and files were compromised and sent abroad.
“Any government contracting company utilizing remote work could be a potential victim in the future,” said an FBI official, granted anonymity as a condition of speaking to reporters ahead of the announcement.
These North Korean agents are often aided by individuals running so-called laptop farms across the U.S. According to the DOJ, 29 known or suspected laptop farms across 16 states were searched. Around 200 laptops were seized by the FBI, along with dozens of financial accounts and fraudulent websites used to launder money.
Individuals from the U.S., China, United Arab Emirates and Taiwan helped North Korean agents successfully embed themselves inside U.S. companies, the press release states.
U.S. national Zhenxing Wang was arrested and indicted for his involvement in a multiyear plot that allowed overseas operatives to obtain remote IT work with U.S. companies, generating more than $5 million in revenue. The scheme involved stealing the identities of around 80 U.S. citizens.
“North Korean IT workers defraud American companies and steal the identities of private citizens, all in support of the North Korean regime,” Assistant Director Brett Leatherman of the FBI’s Cyber Division said in a statement. “Let the actions announced today serve as a warning: if you host laptop farms for the benefit of North Korean actors, law enforcement will be waiting for you.”
In addition, four North Korean nationals were separately indicted for allegedly stealing $900,000 in virtual currencies from two unnamed companies based in Georgia.
The DOJ has previously taken action against these schemes, including arresting multiple U.S. nationals running the laptop farms over the past year. One American woman pleaded guilty in February to hosting a laptop farm from her home, which allowed overseas IT workers to receive more than $17.1 million for their work.
The State Department continues to offer a $5 million reward for information that could disrupt North Korean financial and other illicit activities.