
In a major national security crackdown, the U.S. Department of Justice (DOJ) has dismantled a sprawling cyber-enabled fraud operation run by North Korean operatives. The scheme, which exploited remote IT jobs at over 100 U.S. companies, involved the use of stolen identities, fake shell companies, and laundered salaries, all designed to secretly fund the DPRK’s weapons and cyber warfare programs.
“These schemes target and steal from U.S. companies and are designed to evade sanctions and fund the North Korean regime’s illicit programs, including its weapons programs,” said Assistant Attorney General John A. Eisenberg.
The heart of the scheme involved North Korean IT workers posing as U.S. citizens—many using stolen identities—to obtain remote jobs at major companies across sectors, including blockchain, defense, and software development. Once hired, the workers gained access to corporate systems and, in some cases, exfiltrated sensitive data, including ITAR-controlled information from a California-based defense contractor.
“North Korean IT workers posing as U.S. citizens fraudulently obtained employment with American businesses so they could funnel hundreds of millions of dollars to North Korea’s authoritarian regime,” said Assistant Director Roman Rozhavsky of the FBI’s Counterintelligence Division.
In an elaborate ruse, U.S.-based enablers like Zhenxing “Danny” Wang and Kejia Wang received and hosted company-issued laptops in their homes, connecting them to keyboard-video-mouse (KVM) switches. This allowed North Korean operatives in China and elsewhere to remotely control the laptops, creating the illusion that workers were U.S.-based.
“To deceive U.S. companies… they enabled overseas IT workers to access the laptops remotely by… connecting the laptops to hardware devices designed to allow for remote access,” according to court documents.
The fraud was not only technical but financial. Shell companies like Hopana Tech LLC and Tony WKJ LLC were created to receive salary payments from U.S. companies, which were then laundered through dozens of U.S. and international bank accounts.
“The indictment describes a multi-year fraud scheme by Wang and his co-conspirators to obtain remote IT work… that generated more than $5 million in revenue.”
In return for facilitating the access and laundering operations, U.S.-based conspirators received at least $696,000 in compensation from the IT workers.
In one alarming incident, an overseas actor accessed a U.S. defense contractor’s laptop without authorization between January 19 and April 2, 2024, extracting sensitive data governed by the International Traffic in Arms Regulations (ITAR).
“The stolen data included information marked as being controlled under the ITAR,” DOJ said.
In another breach, a blockchain development firm in Atlanta reported the theft of over $900,000 in virtual currency, attributed to the same North Korean IT actors.
The DOJ announced:
- The arrest of Zhenxing Wang in New Jersey
- Indictments against nine other individuals from China and Taiwan
- The seizure of 29 financial accounts and 21 fraudulent websites
- Searches across 29 known or suspected “laptop farms” in 16 states
- Forensic recovery of over 70 laptops and remote access devices