The United States Justice Department has announced a major operation against a long-running North Korean IT worker scheme. This coordinated action involved raiding nearly thirty “laptop farms” that were spread out across sixteen different states. The FBI officials said these farms allowed an undisclosed number of North Koreans to illegally work at US companies. These farms host work devices sent by legitimate companies who had unwittingly hired these North Korean IT workers. This setup allows the remote employees to appear as if they are working from within the United States.
The assistant attorney general said the scheme is designed to steal from American companies and evade international sanctions. The money is used to fund the North Korean regime’s illicit programs, including its dangerous weapons development programs. North Korean IT workers are a serious threat because they generate illegal revenues for the Hermit Kingdom’s government. They also weaponize their insider access to harvest sensitive data, steal funds, and even extort their employers. In at least one case, the workers gained access to sensitive employer data from a US defense contractor.
The Justice Department said it arrested Zhenxing “Danny” Wang, a U.S. national and a New Jersey resident.
He allegedly worked with others to help North Koreans get hired and generated five million dollars for Pyongyang. The indictment also names six Chinese nationals and two people from Taiwan who assisted in this long-running scheme. These US-based facilitators received and hosted the company-issued laptops at their private residences for the remote workers. They also created shell companies with corresponding websites and financial accounts to appear more legitimate to US businesses.
FBI Assistant Director Brett Leatherman added that in many cases the North Koreans steal real American citizens’ identities.
The defendants and co-conspirators are accused of compromising the identities of more than eighty different US individuals. They used these stolen identities to obtain remote jobs at more than one hundred US companies since 2021. Microsoft, which tracks the threat as Jasper Sleet, said it has suspended 3,000 known Outlook and Hotmail accounts. The tech giant also called out the workers’ exploitation of artificial intelligence tools to enhance images and change voices.
Reference:
