Federal authorities have uncovered various schemes orchestrated by North Korea to fund its government through remote work for U.S. companies. The Justice Department (DOJ) announced on Monday that these efforts involved help from individuals in the U.S., China, the UAE, and Taiwan, allowing North Korean actors to secure positions at over 100 U.S. firms, including some Fortune 500 companies.
In one of the schemes, U.S.-based individuals developed fake websites alongside front companies to create the appearance of legitimacy for remote North Korean workers. They also managed laptop farms, enabling these workers to access necessary technology remotely. In another instance, North Korean employees used false identities to land jobs at a blockchain firm in Atlanta, Georgia, where they illicitly acquired more than $900,000 in cryptocurrency.
John A. Eisenberg, the National Security Advisor at the DOJ, noted that these schemes target U.S. businesses and aim to circumvent sanctions while supporting illegal programs, including North Korea’s weapons development initiatives. He remarked that while North Korea aims to fund its arms efforts by scamming American companies, the FBI is equally focused on disrupting these operations and holding those responsible accountable.
A five-count indictment was filed against Senxing One, a U.S. citizen from New Jersey, for facilitating these operations. Along with co-conspirators, they are reported to have generated over $5 million in revenue from remote IT contracts.
Additionally, Chinese nationals Jing Bin Huang, Baoyu Zhou, Tong Yuze, Yongzhe Xu, Ziyou Yuan, and Zhenbang Zhou were indicted, alongside Taiwanese citizens Li and Enchia Liu. Kezia “Tony” Wang, a U.S. national from New Jersey, was also indicted.
Eisenberg highlighted the immediate threat from North Korean cyber operatives and noted the systematic targeting of U.S. companies. The defendants allegedly exploited the identities of over 80 individuals in the U.S. to secure remote jobs, resulting in substantial losses, including legal costs and network repairs, totaling at least $3 million for the victim companies.
Wang and Zhenxing reportedly set up a shell company, creating a fraudulent façade for overseas IT workers. They allegedly received at least $696,000 in exchange for their services from these workers. Some of the schemes reportedly involved accessing sensitive data from a defense contractor engaged in developing AI technologies.
The DOJ revealed that the FBI and Defense Crime Investigation Services seized 17 websites associated with these schemes and 29 financial accounts, which contained significant sums of money. Furthermore, another indictment was issued against four North Korean citizens for alleged cryptocurrency theft exceeding $900,000 and laundering those proceeds.
Investigations showed that the defendants traveled to the UAE on North Korean documents, while concealing their true identities from employers in, among other places, Atlanta and Serbia. They allegedly gained trust and, subsequently, stole substantial sums, laundering the money via accounts fraudulently opened with foreign identification documents.
During this investigation, which spanned multiple states, the FBI searched 21 facilities linked to laptop farms and seized 137 laptops.
