North Korean Fraud Rings INFILTRATE U.S. Tech

North Korean identity thieves have stolen over 80 Americans’ identities to infiltrate US tech companies, accessing military technology and stealing nearly $1 million in cryptocurrency while operating from hidden “laptop farms” across 16 states.

Key Takeaways

  • The Justice Department has launched a nationwide crackdown on North Korean IT worker fraud schemes, seizing approximately 200 computers from 29 “laptop farms” across 16 states.
  • North Korean operatives stole the identities of more than 80 Americans to fraudulently obtain remote tech jobs at over 100 US companies, including a defense contractor with access to sensitive military data.
  • The schemes generated over $5 million in revenue for North Korea’s regime and weapons programs, with one operation stealing over $900,000 in cryptocurrency.
  • Two Americans have been indicted for their role in the scheme, with one arrest made so far, while authorities seized 21 fraudulent websites and 29 financial accounts used to launder money.

Sophisticated Identity Theft Operation Uncovered

The U.S. Department of Justice has revealed a massive operation targeting North Korean identity theft rings that have been masquerading as American tech professionals to infiltrate U.S. companies. In a sweeping action, authorities searched 29 “laptop farms” across 16 states, seizing approximately 200 computers and shutting down 21 fraudulent websites. These operations were part of a sophisticated scheme where North Korean IT workers stole the identities of over 80 Americans to obtain remote work positions at more than 100 U.S. companies, allowing them to circumvent international sanctions while generating revenue for the North Korean regime.

“These schemes target and steal from U.S. companies and are designed to evade sanctions and fund the North Korean regime’s illicit programs, including its weapons programs,” said John A. Eisenberg, Assistant Attorney General of the Justice Department’s National Security Division.

Millions Funneled to North Korean Regime

According to the Justice Department, the fraud schemes generated over $5 million in revenue that was subsequently funneled back to North Korea, likely supporting its weapons programs and other sanctioned activities. The operation involved the indictment of two Americans, Kejia Wang and Zhenxing Wang, with the latter being arrested as part of the crackdown. The Wangs allegedly operated a multi-year fraud scheme in collaboration with individuals in China, the United Arab Emirates, and Taiwan, creating front companies and fraudulent websites to promote North Korean IT workers to unsuspecting American employers.

“North Korean IT workers defraud American companies and steal the identities of private citizens, all in support of the North Korean regime,” said Brett Leatherman, Assistant Director of the FBI’s International Operations Division.

National Security Implications

The security implications of this scheme extend far beyond financial fraud. In one particularly alarming case, North Korean operatives gained employment with a California-based defense contractor, accessing sensitive technical data potentially related to U.S. military technology. In a separate indictment filed in Georgia, four North Korean nationals were charged with stealing virtual currency worth over $900,000. The FBI also seized 29 financial accounts used to launder revenue generated by these fraudulent activities, striking a significant blow to North Korea’s ability to fund its illicit programs.

“The threat posed by DPRK operatives is both real and immediate. Thousands of North Korean cyber operatives have been trained and deployed by the regime to blend into the global digital workforce and systematically target U.S. companies,” said U.S. Attorney Leah B. Foley for the Eastern District of New York.

Sophisticated Identity Theft Methods

The North Korean operatives obtained personal documents from dark web forums and data leak sites to create convincing fake identities. They created fraudulent identification documents, including driver’s licenses and Social Security cards, to pass employment verification procedures. Once hired, they would remotely access company laptops provided by their employers, working from “laptop farms” – locations housing multiple computers used by North Korean workers to perform their fraudulently obtained jobs while concealing their true identities and locations from employers.

“It’s huge,” said Michael Barnhart, a former FBI agent who specialized in North Korean cyber operations. “Whenever you have a laptop farm like this, that’s the soft underbelly of these operations. Shutting them down across so many states, that’s massive. This is going to put a heavy dent in what they’re doing.”

Ongoing Threat and Government Response

The Justice Department’s actions are part of a broader initiative called the DPRK RevGen: Domestic Enabler Initiative, which targets North Korea’s illicit revenue generation schemes. The U.S. Department of State is offering rewards for information disrupting North Korea’s illicit financial activities, signaling the government’s commitment to neutralizing this threat. American companies are being advised to implement additional verification measures when hiring remote tech workers and to be vigilant for signs of identity theft or unusual work patterns that might indicate infiltration by North Korean operatives.