The U.S. Department of Justice has launched comprehensive coordinated actions against North Korean government schemes that fraudulently employ remote IT workers at American companies to fund the regime’s illicit programs.
The operation resulted in two major indictments, one arrest, searches across 16 states, and the seizure of millions in assets and fraudulent infrastructure.
Federal prosecutors announced two significant indictments targeting North Korean IT worker schemes that generated millions in illicit revenue.
In Massachusetts, authorities arrested U.S. national Zhenxing “Danny” Wang of New Jersey on charges related to a multi-year fraud operation that generated over $5 million.
Wang and eight co-conspirators from China and Taiwan allegedly compromised more than 80 American identities to secure remote positions at over 100 U.S. companies, including Fortune 500 corporations.
The scheme involved creating shell companies with fraudulent websites to legitimize overseas IT workers, while operating “laptop farms” where North Korean actors could remotely access company-provided computers.
These workers successfully infiltrated sensitive projects, stealing export-controlled military technology data from a California defense contractor and other proprietary information worth millions.
In a separate Georgia case, four North Korean nationals—Kim Kwang Jin, Kang Tae Bok, Jong Pong Ju, and Chang Nam Il—face wire fraud and money laundering charges for stealing over $900,000 in virtual currency from blockchain companies.
Working from the United Arab Emirates, they used stolen identities to gain employment at an Atlanta-based blockchain research firm and a Serbian virtual token company, subsequently manipulating smart contracts to steal cryptocurrency.
Between June 10-17, 2025, the FBI executed coordinated searches of 21 premises across 14 states, seizing approximately 137 laptops used in suspected North Korean IT schemes.
These “laptop farms” served as crucial infrastructure allowing overseas workers to appear as U.S.-based employees while accessing American corporate networks remotely.
Key highlights from the nationwide operation include:
The operations, coordinated by multiple U.S. Attorney’s Offices, represent the largest domestic action against North Korean cyber infrastructure to date.
Authorities also seized 29 financial accounts containing tens of thousands of dollars and shut down 21 fraudulent websites used to promote fake IT consulting companies.
The Justice Department’s actions highlighted the sophisticated nature of North Korean revenue generation schemes, which collectively generate hundreds of millions annually for the regime’s weapons programs.
Individual North Korean IT workers can earn up to $300,000 per year, with funds directly supporting designated entities including the North Korean Ministry of Defense.
Assistant Attorney General John A. Eisenberg emphasized that these schemes “target and steal from U.S. companies and are designed to evade sanctions and fund the North Korean regime’s illicit programs, including its weapons programs.”
The coordinated response reflects the DPRK RevGen: Domestic Enabler Initiative, a joint effort between the National Security Division and FBI Cyber and Counterintelligence Divisions specifically targeting North Korean illicit revenue schemes and their domestic facilitators.
The State Department has offered rewards of up to $5 million for information supporting international efforts to disrupt North Korean illicit financial activities, including cybercrimes and sanctions evasion, underscoring the national security priority of combating these sophisticated threats.