|
Getting your Trinity Audio player ready...
|
Washington, D.C. — The U.S. Department of Justice has announced a coordinated series of law enforcement actions targeting the Democratic People’s Republic of Korea (DPRK) for using fraudulent remote information technology (IT) employment in the United States to fund its sanctioned weapons programs.
The operations span 16 states and involve:
- Two federal indictments
- One arrest
- Searches at 29 suspected “laptop farms”
- Seizure of 29 financial accounts, 21 fraudulent websites, and nearly 200 computers
Authorities say North Korean IT workers, posing as remote employees using stolen or fake identities, fraudulently obtained jobs with more than 100 U.S. companies—often with assistance from enablers based in the U.S., China, UAE, and Taiwan. These workers allegedly funneled millions of dollars in illicit earnings to the DPRK regime.
Indictments Detail Extensive Fraud and Espionage
Massachusetts Indictment and Arrest of U.S. National
A five-count indictment unsealed in the District of Massachusetts charges New Jersey resident Zhenxing “Danny” Wang and multiple foreign nationals with running a multi-year fraud scheme generating over $5 million in revenue. Wang and his associates allegedly:
- Compromised over 80 U.S. identities
- Created shell companies (e.g., Hopana Tech LLC, Tony WKJ LLC)
- Hosted “laptop farms” to enable North Korean access to U.S. job platforms
- Facilitated unauthorized access to export-controlled U.S. military technology at a California-based defense contractor
The Justice Department says the group’s actions caused at least $3 million in damages to U.S. companies. Seventeen web domains and 29 financial accounts linked to the scheme were seized.
Georgia Indictment Targets North Korean Nationals for Crypto Theft
Separately, an indictment in the Northern District of Georgia charges four North Korean nationals with stealing over $900,000 in cryptocurrency from companies in the U.S. and Serbia. Defendants used fake identities and employment to access company systems and siphon funds using the Tornado Cash mixer and fraudulent exchange accounts.
The FBI is seeking the arrest of Kim Kwang Jin, Kang Tae Bok, Jong Pong Ju, and Chang Nam Il, who remain at large.
National Search Operation and Seizures
From June 10–17, 2025, the FBI executed coordinated searches at 21 locations across 14 states, recovering approximately 137 laptops and access devices from suspected “laptop farms.” These farms hosted U.S.-company-issued computers accessed remotely by DPRK operatives abroad.
The actions involved multiple U.S. Attorney’s Offices, with coordination led by the FBI Denver Field Office.
DOJ and FBI Warnings
Senior officials emphasized the ongoing threat posed by North Korea’s use of remote IT work to:
- Evade international sanctions
- Steal proprietary and sensitive U.S. business and defense data
- Funnel hundreds of millions of dollars into its weapons development programs
“This operation is a clear message to those enabling the DPRK’s illicit schemes—your actions will not go unnoticed,” said Assistant Attorney General John A. Eisenberg. “We are committed to dismantling these networks.”
The DOJ’s “DPRK RevGen: Domestic Enabler Initiative,” launched in partnership with FBI cyber and counterintelligence divisions, continues to investigate and disrupt such schemes. In prior enforcement efforts, the Department has seized millions in illicit proceeds and published guidance warning companies of red flag indicators.
Industry Guidance and Public Advisories
The Justice Department reiterated that North Korean IT workers may individually earn up to $300,000 annually, with collective earnings amounting to hundreds of millions annually. These funds often support DPRK entities designated under U.S. sanctions, including the Ministry of Defense.
U.S. companies are urged to remain vigilant when hiring remote workers and to consult public advisories issued by the FBI, Treasury, State Department, and international partners, including South Korea.
The U.S. State Department continues to offer rewards of up to $5 million for information leading to the disruption of North Korea’s illicit financial and cyber activities.
Note: The charges detailed in the indictments are allegations. All defendants are presumed innocent until proven guilty in a court of law.
For More Information:
Visit justice.gov or contact the DOJ Office of Public Affairs.
