DOJ Dismantles North Korean IT Job Scam: Stolen Identities & Laundering Funded DPRK Weapons
The U.S. Department of Justice has announced the uncovering of a vast scheme in which fraudulent IT specialists from North Korea secured employment with American companies by posing as citizens of other countries.
According to officials, North Korean programmers infiltrated more than one hundred U.S. firms using fabricated or stolen identities. In addition to collecting salaries, they exfiltrated confidential data and transmitted it to servers in Pyongyang. Cryptocurrencies were also among their targets—in one instance, a North Korean agent embezzled $740,000 from an American employer.
Notably, the perpetrators did not resort to deepfakes on this occasion, though such tactics are becoming increasingly prevalent. Cyberattacks continue to serve as a critical financial lifeline for North Korea amid ongoing international sanctions. As early as 2022, the FBI had warned that DPRK authorities were officially deploying programmers for remote work abroad.
According to court documents, one such operation began in January 2021. Zhengxing “Danny” Wang, who has been arrested in the United States, founded a fictitious firm called Independent Lab, purportedly a software development company. Through this entity, he funneled $5 million to North Korea, while American businesses suffered losses amounting to $3 million, including system recovery costs and legal fees.
Another individual, Kejia “Tony” Wang, established two shell companies and operated what were described as “laptop farms.” These companies sent computers to their so-called employees, but the devices remained within the U.S. and were remotely controlled from North Korea, effectively concealing the true locations of the operatives. American participants in the scheme reportedly earned at least $696,000.
Some of the infiltrators were dismissed following internal investigations. Authorities also uncovered a parallel operation in which four North Korean nationals, operating under false identities, worked as IT specialists in the UAE, the U.S., and Serbia. They stole cryptocurrency and laundered it through Tornado Cash.
Between June 10 and 17, U.S. authorities seized 137 laptops from suspicious “farms” across multiple states. A reward of up to $5 million is being offered for information leading to the disruption of similar schemes.
