Jul 01, 2025 12:30:00

The Department of Justice uncovered a scheme in which North Korean remote workers infiltrated American IT companies and earned more than 7 million yen

The US Department of Justice has uncovered a scheme to send remote workers to US IT companies and transfer funds to the US for the purpose of promoting North Korea's nuclear weapons development program. The profits brought to North Korea from this long-running operation are estimated to be more than $5 million (about 700 million yen).

Office of Public Affairs | Justice Department Announces Coordinated, Nationwide Actions to Combat North Korean Remote Information Technology Workers' Illicit Revenue Generation Schemes | United States Department of Justice

https://www.justice.gov/opa/pr/justice-department-announces-coordinated-nationwide-actions-combat-north-korean-remote

District of Massachusetts | Nine Charged with Alleged Scheme to Generate Revenue for North Korean Government and Its Weapons of Mass Destruction Program | United States Department of Justice
https://www.justice.gov/usao-ma/pr/nine-charged-alleged-scheme-generate-revenue-north-korean-government-and-its-weapons

US government takes down major North Korean 'remote IT workers' operation | TechCrunch
https://techcrunch.com/2025/06/30/us-government-takes-down-major-north-korean-remote-it-workers-operation/

According to the Department of Justice, North Korea used stolen or fake identities to infiltrate American IT companies as remote workers, receive regular pay, and access or steal confidential information from their employers, including military technology and virtual currency. More than 100 companies were affected.

To carry out the operation, individuals residing in the United States hosted front companies and fraudulent websites to make North Korean remote workers appear as bona fide workers, as well as 'laptop farms' through which North Korean remote workers could remotely access the victim companies.

In addition, a blockchain company based in Atlanta, Georgia, reportedly had over $900,000 (about $130 million) in cryptocurrency stolen after hiring North Korean workers with fraudulently obtained identities.

'These schemes target American businesses and are designed to steal from them, evade sanctions, and fund the North Korean government's nefarious programs, including its weapons development,' said Assistant Attorney General John A. Eisenberg of the Department of Justice's National Security Division. 'The Department of Justice will work with law enforcement, private companies, and international partners to vigorously pursue and dismantle these cyber-revenue generating schemes.'

In this latest crackdown, New Jersey resident Wang 'Danny' Zhenxin was arrested and indicted, along with eight others.

North Korea is known to be sending remote workers to several Fortune 100 companies.

Investigation reveals that North Korean IT worker 'UNC5267' has infiltrated multiple 'Fortune 100' companies - GIGAZINE

However, since it has become widely known and feared that North Korean remote workers are infiltrating American companies, European and Asian countries are also being targeted.

Google survey reveals that North Korean IT workers are expanding around the world to illegally get jobs at companies in the face of US sanctions - GIGAZINE

The charges against the defendants include conspiracy to commit mail and wire fraud, conspiracy to commit money laundering, and conspiracy to violate the International Emergency Economic Powers Act (IEEPA), each of which carries a maximum sentence of 20 years in prison, three years of supervised release, and a maximum fine of $250,000 (approximately 36 million yen).

The conspiracy to commit damage to a protected computer carries a maximum sentence of 15 years in prison, three years of supervised release and a $250,000 fine, while the conspiracy to commit identity theft carries a maximum sentence of five years in prison, three years of supervised release and a $250,000 fine.

It is unclear whether Wang has admitted to the charges.