DOJ said over 100 firms hired North Korean workers who stole U.S. intellectual property

The Justice Department on Monday initiated coordinated actions against the North Korean government’s schemes to fund its weapons program through remote information technology (IT) work for U.S. companies.

The DoJ issued two indictments, an arrest, searches of 29 laptop farms across 16 states, and seizure of 29 bank accounts used to launder illicit funds.

The agency said those schemes are part of efforts by the North Korean regime to generate revenue and be part of its cyberespionage activities. The probe follows separate cases in Georgia and Massachusetts that the Justice Department believes pose a threat because, in some cases, workers access sensitive and proprietary data from the American firms that hire them.

FBI combats North Korea’s abuse of the U.S. IT industry 

Today, the FBI and @TheJusticeDept announced nationwide actions to disrupt North Korean schemes to defraud American companies through remote IT work, which included the arrest of a U.S. national who allegedly hosted a laptop farm for North Korean actors https://t.co/3IC28oaMFa pic.twitter.com/rsx0EPO0nu

— FBI (@FBI) June 30, 2025

The agency seized 21 fraudulent websites belonging to shell companies created to dupe employers into believing that the workers they were hiring were associated with U.S. businesses. The FBI and Defense Criminal Investigative Service (DCIS) also seized about 200 computers and 17 web domains used to advance the scheme.

Court documents alleged the workers, armed with stolen or fake identities, were dispatched by the North Korean government to find work as remote IT employees at American organizations, including Fortune 500 corporations. The firms were duped into believing that the hired workers were based in the U.S., when many were stationed in North Korea or China. The U.S. Treasury Department also issued an advisory about the tactic in 2022.

“North Korean IT workers defraud American companies and steal the identities of private citizens, all in support of the North Korean regime. That is why the FBI and our partners continue to work together to disrupt infrastructure, seize revenue, indict overseas IT workers, and arrest their enablers in the United States.”

–Brett Leatherman, Assistant Director of the FBI’s Cyber Division.

Investigations found that the wages from the workers are directed to the North Korea weapons programs in violation of U.S. and United Nations sanctions. Some workers also accessed and stole confidential information from their employers, including export-controlled U.S. military technology and virtual currency. 

In one incident, the DOJ discovered that the workers used false identities to gain employment with an Atlanta, Georgia-based blockchain research and development company and stole digital assets worth roughly $900,000. The agency and FBI officials said that at least one of the organizations that had unknowingly contracted the illicit workers was a government contractor, but they said that anyone in the U.S. posting jobs for remote workers is at risk.

DOJ indicts individuals involved in the fraud schemes

The Attorney’s Office for the District of Massachusetts and the National Security Division announced the arrest of U.S. national Zhenxing “Danny” Wang of New Jersey on five counts. Wang was charged with conspiracy to commit wire and mail fraud, money laundering conspiracy, conspiracy to commit identity theft, and conspiracy to violate the International Emergency Economic Powers Act.

The second indictment was a three-count indictment against New Jersey resident Kehia “Tony” Wang for conspiracy to commit wire and mail fraud, money laundering conspiracy, and conspiracy to commit identity theft. Court documents disclosed that the indictments include a multi-year fraud scheme by Wang and his co-conspirators to obtain remote IT work with U.S. companies that generated more than $5 million in revenue.

The court also charged six Chinese nationals, including Jing Bin Huang, Baoyu Zhou, Tong Yuze, Yongzhe Xu, Ziyou Yuan, and Zhenbang Zhou. Two Taiwanese nationals, Mengting Liu and Enchia Liu, were also indicted for their roles in the scheme.

The DOJ revealed that Kejia Wang, Zhenxing Wang, and four other U.S. facilitators had received at least $690,000 in total from the IT workers. The report also cited a third five-count money laundering and wire fraud indictment from the Northern District of Georgia that charged four North Korean nationals with the theft and subsequent laundering of digital assets from two companies, one in Georgia and one in Serbia.

The State Department is offering rewards of up to $5 million for information leading to the disruption of financial mechanisms of individuals engaged in certain activities that support North Korea.

Your crypto news deserves attention - KEY Difference Wire puts you on 250+ top sites