DOJ Announces Indictments in Takedown of North Korean Remote Worker Operation

Udumbara Udumbara
Jul 2, 2025 - 09:57 Updated: Jul 2, 2025 - 09:49
0
DOJ Announces Indictments in Takedown of North Korean Remote Worker Operation
.
Nine people, including six Chinese nationals, were indicted in Boston for allegedly taking part in a scheme that raised at least $5 million to be funneled to North Korea and its weapons of mass destruction program, the U.S. Attorney’s Office for the District of Massachusetts announced on June 30.

The defendants were accused of running the scheme to help remote North Korean IT workers obtain jobs at more than 100 U.S. companies, including many Fortune 500 companies, by compromising more than 80 Americans’ identities. These companies incurred a loss of at least $3 million in legal fees, computer network remediation costs, and other damages as a result of the scheme.

According to the indictment, the scheme was operational from 2021 until October 2024.
Citing a 2022 advisory issued by the State Department, the Treasury Department, and the FBI, prosecutors explained in the indictment that North Korea has deployed thousands of IT workers around the world, securing employment for them while hiding their identities and locations, in order to generate revenue for the regime and evade U.S. and U.N. sanctions.

“While some of these IT workers operate from cities inside North Korea, many work in the People’s Republic of China (‘China’) in cities near the North Korean border, including in Dandong and Shenyang,” the indictment reads. Dandong and Shenyang are cities in northern China’s Liaoning Province, which borders North Korea.

U.S. Attorney Leah B. Foley for the District of Massachusetts said in a statement: “The threat posed by DPRK [Democratic People’s Republic of Korea] operatives is both real and immediate. Thousands of North Korean cyber operatives have been trained and deployed by the regime to blend into the global digital workforce and systematically target U.S. companies.”

One of the defendants, U.S. national Zhenxing “Danny” Wang, was arrested in New Jersey on June 30. Wang is accused of conspiracy to commit wire and mail fraud, money laundering, and identify theft.

The six Chinese nationals are listed in the U.S. Attorney’s Office statement as Jing Bin Huang, Baoyu Zhou, Tong Yuze, Yongzhe Xu, Ziyou Yuan, and Zhenbang Zhou. The remaining two defendants are Taiwanese nationals, named Mengting Liu and Enchia Liu.

Wang and another individual, Kejia Wang, along with at least four other unnamed U.S. “facilitators,” allegedly assisted the North Koreans by operating company-issued laptops giving them unauthorized remote access, creating financial accounts to receive money earned from their employment, and establishing U.S.-based shell companies to make the workers appear more authentic, according to prosecutors. In return, the group received at least $696,000 in fees.

According to the indictment, Huang, a Dandong resident, allegedly “registered accounts with money transfer services ... and foreign banks that were used to receive and transfer proceeds generated through the conspiracy.”

In connection with the scheme, the FBI also discovered “laptop farms” after carrying out searches of 21 locations across 14 states in June, according to the Department of Justice. The FBI seized 137 laptops in the operations.

The indictment listed several unnamed individuals who allegedly helped host the victim companies’ laptops.

“Individual C was a California resident, an active-duty member of the United States military, and a Secret clearance holder who, in exchange for a fee, hosted U.S. victim company laptops at Individual C’s residence and facilitated remote access to the laptops by overseas IT workers,” the indictment reads.

“North Korean IT workers defraud American companies and steal the identities of private citizens, all in support of the North Korean regime,” Assistant Director Brett Leatherman of the FBI’s Cyber Division said in a statement. “Let the actions announced today serve as a warning: if you host laptop farms for the benefit of North Korean actors, law enforcement will be waiting for you.”

The scheme allegedly also involved the North Korean employees stealing sensitive data, such as source code, from their employers. According to the indictment, one of the victims was a California-based defense contractor, whose documents and computer files containing sensitive U.S. military technology, regulated under the International Traffic in Arms Regulations, were stolen.

The U.S. Attorney’s Office for the Northern District of Georgia also announced a separate indictment on June 30 against four North Korean nationals: Kim Kwang Jin, Kang Tae Bok, Jong Pong Ju, and Chang Nam Il.

The four defendants were accused of stealing more than $900,000 in virtual currency from two companies under a similar remote IT work scheme.

.

Read More