DOJ Busts Massive North Korean Remote Work Fraud Operation


The U.S. Department of Justice (DOJ) has launched a sweeping crackdown on a covert North Korean cyber scheme that placed undercover IT workers inside American tech firms to raise money for the regime’s nuclear weapons program. The operation didn’t just fund weapons—it also led to the theft of sensitive corporate data and cryptocurrency.

Federal prosecutors say the long-running scheme generated over $5 million for North Korea by infiltrating over 100 U.S. companies using fake identities, shell companies, and sophisticated hardware setups designed to mask the workers’ true origins. In the most significant action yet, Zhenxing “Danny” Wang, a U.S. citizen based in New Jersey, was arrested and charged with orchestrating the fraud.

U.S. Tech Jobs Used as Fronts for Espionage and Laundering

According to the indictment, Wang helped North Korean IT operatives pose as American professionals, enabling them to secure remote jobs across dozens of companies. From 2021 to 2024, the group allegedly impersonated more than 80 individuals, resulting in at least $3 million in damages from legal costs, data breaches, and corporate remediation efforts.

The DOJ’s investigation revealed a highly organized network of laptop farms within the U.S., acting as digital smokescreens for North Korean workers operating remotely. These setups often involved KVM switches—devices that allowed one person to control multiple computers—giving hackers full access to internal systems while hiding their location.

The scam was further bolstered by U.S.-based shell companies, which helped launder wages and send the funds back to North Korea. The FBI recently seized 137 laptops across 21 locations in 14 states, along with 29 financial accounts, over 70 remote access devices, and 21 domains linked to the operation.

Source Code Theft, Crypto Laundering, and Broader Risks

Beyond wage fraud, the hackers reportedly stole valuable data—including source code—from major American companies. One unnamed victim was a California-based defense contractor that develops AI-powered technologies. Prosecutors say this level of access to sensitive systems poses a serious national security risk.

The scheme wasn’t limited to job scams. According to the DOJ, five North Korean nationals were also indicted for stealing more than $900,000 in cryptocurrency from two companies using stolen or fake identities. Their actions triggered a multi-agency investigation that has unraveled one of North Korea’s most lucrative cyber operations to date.

Eight additional individuals were indicted for roles in the wider network, including six Chinese nationals and two Taiwanese citizens. Charges against them include conspiracy to commit wire fraud, identity theft, hacking, and violations of international sanctions.

U.S. officials say these efforts underscore a broader campaign by the North Korean government to exploit the global digital workforce. As U.S. Attorney Leah B. Foley put it, the regime has trained and deployed thousands of cyber operatives to blend into American companies, all while funneling profits back to fund nuclear weapons development.

The DOJ has pledged continued enforcement and is urging companies to tighten vetting processes for remote hires—especially as more jobs shift online. This case serves as a powerful reminder that behind every remote screen, there could be a rogue nation exploiting American access.
