
North Korean hackers have stolen the identities of over 80 American citizens to infiltrate more than 100 US companies, including a defense contractor, gaining access to sensitive military technology and stealing nearly $1 million in cryptocurrency.
Key Takeaways
- The Justice Department has uncovered a massive North Korean identity theft operation targeting US tech jobs; authorities searched 29 “laptop farms” across 16 states and seized approximately 200 computers.
- North Korean operatives stole the identities of more than 80 Americans to gain employment at over 100 US companies, including a California-based defense contractor, where they accessed sensitive technical data.
- The operation resulted in two indictments, one arrest, and the seizure of 29 financial accounts, 21 fraudulent websites, and cryptocurrency worth over $900,000.
- These schemes generate millions in revenue for North Korea’s regime and weapons programs while evading international sanctions.
Nationwide Crackdown on North Korean Tech Fraud
The Department of Justice has launched coordinated actions against an elaborate North Korean scheme designed to infiltrate American companies and steal sensitive information. In a sweeping operation, federal authorities searched 29 “laptop farms” spread across 16 states, seized approximately 200 computers, shut down 21 fraudulent websites, and froze 29 financial accounts used to launder money back to the North Korean regime. The operation targeted North Korean nationals who fraudulently obtained employment with U.S. companies by stealing American identities and creating elaborate fake personas to bypass sanctions and security measures.
“These schemes target and steal from U.S. companies and are designed to evade sanctions and fund the North Korean regime’s illicit programs, including its weapons programs,” said Assistant Attorney General John A. Eisenberg.
Identity Theft Operation Revealed
The investigation has uncovered that North Korean operatives stole the identities of more than 80 American citizens to apply for remote tech positions. These operatives created sophisticated fake identification documents, including forged driver’s licenses and Social Security cards, often purchased from dark web forums or obtained through data breaches. The stolen identities allowed North Korean workers to pose as legitimate American professionals during interviews and throughout their employment, giving them access to company networks, sensitive information, and payment systems.
“North Korean IT workers defraud American companies and steal the identities of private citizens, all in support of the North Korean regime,” stated Assistant Director Brett Leatherman.
The DOJ has indicted two Americans, Kejia Wang and Zhenxing Wang, for their involvement in the scheme, with Zhenxing Wang already under arrest. The indictment alleges that these individuals, along with co-conspirators in China, the UAE, and Taiwan, facilitated a multi-year fraud operation that generated over $5 million in revenue for the North Korean regime. The operation involved creating front companies and fraudulent employment websites specifically designed to promote North Korean IT workers while concealing their true identities and locations.
National Security Implications
Perhaps most alarming is the revelation that one of the infiltrated companies was a California-based defense contractor. North Korean operatives gained access to sensitive technical data related to U.S. military technology, representing a significant national security breach. In a separate indictment filed in Georgia, four North Korean nationals were charged with stealing virtual currency worth over $900,000 from cryptocurrency firms, further demonstrating the financial motivations behind these operations.
“The threat posed by DPRK operatives is both real and immediate. Thousands of North Korean cyber operatives have been trained and deployed by the regime to blend into the global digital workforce and systematically target U.S. companies,” warned U.S. Attorney Leah B. Foley.
The FBI’s coordinated action is part of the DPRK RevGen: Domestic Enabler Initiative, which specifically targets North Korea’s illicit revenue generation schemes. The U.S. Department of State is offering rewards for information that disrupts North Korea’s financial activities, acknowledging the ongoing threat these operations pose to American businesses and national security. Security experts believe this crackdown will significantly impact North Korea’s ability to continue these operations, at least in the short term.
“This is going to put a heavy dent in what they’re doing,” said Michael Barnhart, a cybersecurity expert.
The Justice Department continues to investigate these schemes and has issued public advisories about potential threats and mitigation measures for businesses. The operation highlights how North Korea has adapted its tactics to evade international sanctions by embedding its workers within the legitimate global digital economy, presenting new challenges for national security and counterintelligence efforts under President Trump’s administration.