NEWYou can now listen to Fox News articles!
Federal authorities have unraveled several schemes by the Democratic People’s Republic of North Korea (DPRK) that were used to fund its regime through remote information technology (IT) work for U.S. companies, resulting in two indictments, tech and financial seizures and an arrest.
The Department of Justice (DOJ) said Monday that North Korean actors were helped by individuals in the U.S., China, the United Arab Emirates and Taiwan to obtain employment with over 100 U.S. companies, including Fortune 500 companies.
In one scheme, U.S.-based individuals created front companies and fraudulent websites to promote the legitimacy of remote workers, while hosting laptop farms where remote North Korean IT workers could remotely access company-provided laptop computers.
In another scheme, IT workers in North Korea used false identities to gain employment with a blockchain research and development company in Atlanta, Georgia, and steal virtual currency worth over $900,000.
ALLEGED CHINESE SCHEME TO INFLUENCE 2020 ELECTION FOR BIDEN BEING PROBED BY FBI, SENATE JUDICIARY COMMITTEE
Assistant Attorney General John A. Eisenberg of the DOJ’s National Security Division said the schemes target and steal from U.S. companies and are designed to evade sanctions while funding illicit programs, including weapons programs, in North Korea.
“North Korea remains intent on funding its weapons programs by defrauding U.S. companies and exploiting American victims of identity theft, but the FBI is equally intent on disrupting this massive campaign and bringing its perpetrators to justice,” Assistant Director Roman Rozhavsky of the FBI Counterintelligence Division said. “North Korean IT workers posing as U.S. citizens fraudulently obtained employment with American businesses so they could funnel hundreds of millions of dollars to North Korea’s authoritarian regime.”
As part of its announcement about the North Korean scheme, the DOJ unsealed a five-count indictment against Zhenxing Wang, a U.S. national living in New Jersey, who has since been arrested.
Wang and his co-conspirators, the DOJ said, obtained remote IT work with U.S. companies and generated over $5 million in revenue.
CHINESE PHD STUDENT FROM WUHAN ARRESTED SMUGGLING BIOLOGICAL MATERIALS AFTER DELETING ELECTRONIC EVIDENCE: DOJ
Also charged in the indictment are Chinese nationals Jing Bin Huang, Baoyu Zhou, Tong Yuze, Yongzhe Xu, Ziyou Yuan and Zhenbang Zhou. Taiwanese nationals Mengting Liu and Enchia Liu were also charged in the indictment.
Also indicted was U.S. national Kejia “Tony” Wang, also of New Jersey, who was charged separately.
“The threat posed by DPRK operatives is both real and immediate. Thousands of North Korean cyber operatives have been trained and deployed by the regime to blend into the global digital workforce and systematically target U.S. companies,” U.S. Attorney Leah B. Foley for the District of Massachusetts said. “We will continue to work relentlessly to protect U.S. businesses and ensure they are not inadvertently fueling the DPRK’s unlawful and dangerous ambitions.”
The indictment alleges that from 2021 and through most of 2024, the defendants and other co-conspirators compromised the identities of over 80 people in the U.S. to obtain remote jobs at more than 100 companies. As a result, the victim companies incurred legal fees, computer network remediation costs and other damages and losses to the tune of at least $3 million.
Kejia and Zhenxing, along with at least four other U.S. facilitators, allegedly helped overseas IT workers with various parts of the scheme.
FOREIGN NATIONALS CHARGED AMID TRUMP VISA CRACKDOWN FOR SCHEME TO SMUGGLE US MILITARY EQUIPMENT INTO CHINA
For example, the allegations claim the U.S. facilitators received laptops from U.S. companies at their homes and enabled overseas IT workers to access the laptops remotely. This was done by connecting the laptops to hardware devices designed to allow for remote access — things like keyboard-video-mouse, or KVM, switches.
Kejia and Zhenxing allegedly established shell companies with websites and financial accounts to make it appear as though the overseas IT workers were affiliated with legitimate businesses in the U.S. Once established, the two allegedly received money from U.S. companies, and the funds were transferred to co-conspirators overseas.
In exchange for their services, Kejia, Zhenxing and the other four conspirators in the U.S. received at least $696,000 from the IT workers.
The DOJ said one of the companies the schemers allegedly accessed data from was a defense contractor that develops artificial intelligence-powered equipment and technology. By accessing the company’s data, the schemers were privy to International Traffic in Arms Regulations (ITAR), the DOJ said.
FEDS BUST ARMENIAN FRAUD RING ACCUSED OF STEALING $30M IN COVID, SMALL BUSINESS LOANS
The DOJ also announced that the FBI and Defense Criminal Investigative Service (DCIS) seized 17 web domains used as part of the scheme, along with 29 financial accounts holding tens of thousands of dollars, used to launder revenue for the North Korean regime.
The DOJ unveiled another part of the scheme, which resulted in a five-count wire fraud and money laundering indictment against four North Korean nationals: Kim Kwang Jin, Kang Tae Bok, Jong Pong Ju and Change Nam II.
The suspects are accused of scheming to steam virtual currency from two companies, with a value of over $900,000 at the time of the thefts, and to launder the proceeds.
All four nationals, the DOJ said, are at large and wanted by the FBI.
“The defendants used fake and stolen personal identities to conceal their North Korean nationality, pose as remote IT workers, and exploit their victims’ trust to steal hundreds of thousands of dollars,” U.S. Attorney Theodore S. Hertzberg for the Northern District of Georgia said. “This indictment highlights the unique threat North Korea poses to companies that hire remote IT workers and underscores our resolve to prosecute any actor, in the United States or abroad, who steals from Georgia businesses.”
CHINESE OFFICIALS CLAIMED BEHIND CLOSED DOORS PRC PLAYED ROLE IN US CYBERATTACKS: REPORT
The indictment alleges the four defendants traveled to the United Arab Emirates on North Korean travel documents and worked as a co-located team.
Jin and Ju were also allegedly hired by a blockchain research and development company in Atlanta, and a virtual token company based in Serbia.
While hired, Jin and Ju hid their North Korean identities from their employers and provided false identification documents, the DOJ alleged.
Both defendants ultimately earned the trust of their employers and allegedly stole hundreds of thousands of dollars from them in multiple instances. The funds were then laundered and transferred to accounts held by Bok and Nam, which were allegedly opened fraudulently using Malaysian identification documents.
During the investigation, the FBI executed searches of 21 premises across 14 states that were hosting known and suspected laptop farms. During the execution, the FBI seized 137 laptops.
