The U.S. Department of Justice announced the dismantling of a scheme that allowed North Korea to extract millions of dollars from remote IT workers to fund its nuclear weapons program, steal data and cryptocurrency. Nine people were charged, including one U.S. citizen who ran the scheme from New Jersey, and the others from China and Taiwan.
The U.S. Department of Justice announced the dismantling of a scheme that allowed North Korea to extract millions of dollars from remote IT workers to fund its nuclear weapons program, steal data and cryptocurrency. Nine people were charged, including one U.S. citizen who ran the scheme from New Jersey, and the others from China and Taiwan.
The international operation resulted in the arrest of U.S. citizen Zhengsin “Danny” Wang, who ran a scheme from New Jersey to infiltrate remote North Korean IT workers into American technology companies for years. The scheme generated more than $5 million in revenue for North Korea, TechCrunch reports .
Wang is charged with conspiracy to commit wire fraud, money laundering, and identity theft.
The feds also charged eight other people involved in the scheme: six Chinese citizens and two Taiwanese citizens. All of them face the same charges as Wang, as well as hacking and sanctions violations.
From 2021 to 2024, they all posed as over 80 US citizens to obtain remote work at over 100 US companies, causing losses of $3 million in legal fees, data breach remediation efforts, and more.
According to the Justice Department, the group set up laptop farms in the United States that North Korean IT professionals could use as proxy servers to disguise their origins. They sometimes used hardware devices known as keyboard-video-mouse (KVM) switches, which allow one person to control multiple computers with a single keyboard and mouse. The group also used front companies in the United States to create the appearance that North Korean IT professionals were affiliated with legitimate local companies and to receive money that was then transferred overseas.
The fraudulent scheme likely also involved stealing confidential data, such as source code, from companies they worked for, such as an unnamed California defense contractor "that develops artificial intelligence-based equipment and technologies."
The Justice Department said the FBI conducted searches earlier in June at 21 locations in 14 states that allegedly housed laptop farms used by the North Korean scheme. The FBI seized 137 laptops as a result of the raids.
The feds also said they seized at least 21 web domains, 29 financial accounts used to launder tens of thousands of dollars, and more than 70 laptops and remote access devices, including KVMs.
Five North Korean nationals have been charged with wire fraud and money laundering after they stole more than $900,000 in cryptocurrency from two unnamed companies using fake or stolen personal information, the Justice Department said.
