The DOJ has reported that 29 North Korean laptop farms operating in 16 states have successfully infiltrated over 100 American companies, effectively funding the country’s military programs.
This week, the DOJ announced a coordinated effort aimed at targeting North Korean IT workers embedded in American firms. The operation included multiple charges, arrests, and the identification of 29 known or suspected “laptop farms” across 16 states, alongside the seizure of 29 financial accounts linked to money laundering and 21 fraudulent websites.
According to reports, the Department of Justice facilitated one of the schemes by setting up front companies and fake websites to showcase the credentials of remote IT workers. These laptop farms manage to sidestep scrutiny typically associated with exporting laptops for remote U.S. employees.
Due to international sanctions, North Korea has found it exceedingly difficult to finance its nuclear program through legitimate channels. As a result, the nation has resorted to stealing billions in cryptocurrencies, engaging in ransomware attacks, and now, securing high-paying jobs in U.S. tech companies as an alternative income source.
In 2022, the State Department, Treasury Department, and the FBI warned that North Korea had deployed thousands of skilled IT workers globally, often misrepresenting them as foreign or American teleworkers. These individuals employ virtual private networks (VPNs), private servers (VPSs), and use third-party IP addresses, proxy accounts, and counterfeit or stolen IDs to evade detection.
Despite this exposure of their fundraising tactics, North Korea seems undeterred. In fact, Google Cloud revealed in March that the threat has evolved, with North Korean IT workers expanding their operations beyond the U.S., particularly targeting Europe. They’ve also intensified intimidation tactics against employers to carry out their activities on corporate virtual desktops, networks, and servers.
Shutting down these operations is crucial for safeguarding businesses from North Korean agents intent on stealing intellectual property and engaging in cybercrime, as well as exploiting access to private resources to siphon off cryptocurrency. One notable incident involved an agent stealing over $900,000 in cryptocurrency from a company located in Atlanta.
