DOJ unveils indictments tied to North Korea’s 'IT Worker' scheme

The U.S. Department of Justice and FBI on Monday announced an arrest and indictments related to North Korea’s 'IT worker' program, through which North Koreans secured remote tech jobs at more than a 100 U.S. companies to steal money and data globally.

The actions include two indictments, one arrest, searches of 29 suspected 'laptop farms' in 16 states, and the seizure of 29 financial accounts and 21 fraudulent websites used for laundering illicit funds.

According to court documents, the schemes involve North Korean individuals fraudulently obtaining employment with U.S. companies as remote IT workers, using stolen and fake identities. The North Korean actors were assisted by individuals in the United States, China, United Arab Emirates, and Taiwan, and successfully obtained employment with more than 100 U.S. companies.

From 2021 until October 2024, the defendants and other co-conspirators compromised the identities of more than 80 U.S. persons to obtain remote jobs at more than a 100 U.S. companies, including many Fortune 500 companies, and caused U.S. victim companies to incur legal fees, computer network remediation costs, and other damages and losses of at least $3 million. 

The North Koreans also allegedly stole at least $900,000 worth of cryptocurrency from one Georgia-based company with their access, along with employer data and source code, including International Traffic in Arms Regulations (ITAR) data, from a California-based defense contractor, the DOJ said.

Zhenxing 'Danny' Wang and Kejia Wang, both U.S. citizens, were indicted as part of the operation, according to the DOJ. Zhenxing Wang was arrested in New Jersey, while Kejia Wang remains free, a DOJ spokesperson said in an email. An attorney for Zhenxing Wang could not be immediately located.

The two men, along with four other unnamed U.S. 'facilitators,' assisted the North Koreans by procuring and operating laptops used by the overseas workers, created financial accounts to receive money earned by the workers to be sent back to North Korea, and created shell companies to make the workers appear more authentic, according to the DOJ, earning nearly $700,000 from the scheme for themselves.

Simultaneously with today’s announcement, the FBI and Defense Criminal Investigative Service (DCIS) seized 17 web domains used in furtherance of the charged scheme and further seized 29 financial accounts, holding tens of thousands of dollars in funds, used to launder revenue for the North Korean regime through the remote IT work scheme.

Federal prosecutors also indicted six Chinese nationals and two Taiwanese nationals for alleged roles in the operation.

China would take all necessary measures to safeguard the rights and interests of its citizens, the country's foreign ministry spokesperson Mao Ning told reporters at a regular news briefing on Tuesday.
 

Copied