Search
July 13, 2025
Facebook Instagram X-twitter Youtube
Logo, The Texas Insider
  • Home
  • Regions
  • Business
  • Insider Reports
  • Health & Fitness
  • Lifestyle
    • Culture
    • Texas Family Values
  • Politics
    • Texas Border Crisis
    • Texas Primaries
  • Events
  • Opinion
  • Games
  • Podcasts
  • Videos
  • Home
  • Regions
  • Business
  • Insider Reports
  • Health & Fitness
  • Lifestyle
    • Culture
    • Texas Family Values
  • Politics
    • Texas Border Crisis
    • Texas Primaries
  • Events
  • Opinion
  • Games
  • Podcasts
  • Videos

Federal Investigation Exposes Massive North Korean Cyber Employment Scheme

Justice Department Announces Coordinated Multi-State Operation Targeting DPRK Remote IT Workers

Marina Fatina by Marina Fatina
July 4, 2025
in Insider Reports, Top News
0
Federal Investigation Exposes Massive North Korean Cyber Employment Scheme
Share on FacebookShare on Twitter

Authorities seize financial accounts, websites, and equipment in unprecedented enforcement action

WASHINGTON — The U.S. Department of Justice announced Tuesday the results of a comprehensive investigation spanning 16 states that has exposed an elaborate scheme by North Korean operatives to infiltrate American companies through fraudulent remote employment, generating millions in illicit revenue for the Democratic People’s Republic of Korea (DPRK) regime.

The coordinated enforcement action resulted in two federal indictments, one arrest, the seizure of 29 financial accounts and 21 fraudulent websites, searches of 29 suspected “laptop farms,” and the recovery of approximately 200 computers used in the operation.

Investigation Overview

According to court documents unsealed in federal courts in Massachusetts and Georgia, the schemes involved North Korean nationals using stolen and fabricated American identities to secure remote information technology positions with more than 100 U.S. companies, including multiple Fortune 500 corporations.

“These schemes target and steal from U.S. companies and are designed to evade sanctions and fund the North Korean regime’s illicit programs, including its weapons programs,” said Assistant Attorney General John A. Eisenberg of the Department’s National Security Division.

The investigation revealed that North Korean actors were assisted by co-conspirators in the United States, China, United Arab Emirates, and Taiwan to successfully penetrate American corporate networks and, in some instances, steal sensitive information including export-controlled military technology and virtual currency.

Massachusetts Case Details

In the District of Massachusetts, authorities arrested U.S. national Zhenxing “Danny” Wang of New Jersey on a five-count indictment alleging his participation in a multi-year fraud scheme that generated more than $5 million in revenue. The indictment also charges Chinese nationals Jing Bin Huang, Baoyu Zhou, Tong Yuze, Yongzhe Xu, Ziyou Yuan, and Zhenbang Zhou, along with Taiwanese nationals Mengting Liu and Enchia Liu.

Court documents allege that from approximately 2021 through October 2024, the defendants compromised the identities of more than 80 U.S. persons to obtain remote employment at over 100 American companies. The scheme allegedly caused victim companies to incur at least $3 million in legal fees, network remediation costs, and other damages.

U.S. Attorney Leah B. Foley for the District of Massachusetts stated, “The threat posed by DPRK operatives is both real and immediate. Thousands of North Korean cyber operatives have been trained and deployed by the regime to blend into the global digital workforce and systematically target U.S. companies.”

According to the indictment, the operation involved creating shell companies with corresponding websites and financial accounts, including Hopana Tech LLC, Tony WKJ LLC, and Independent Lab LLC, to provide apparent legitimacy for overseas IT workers. The defendants allegedly established laptop farms at U.S. residences, using keyboard-video-mouse (KVM) switches to enable remote access by North Korean operatives to company-provided equipment.

Defense Contractor Breach

The investigation revealed that IT workers operating under false identities gained unauthorized access to sensitive data from a California-based defense contractor developing artificial intelligence-powered military equipment. Between January and April 2024, an overseas co-conspirator allegedly accessed technical data controlled under International Traffic in Arms Regulations (ITAR).

Georgia Cryptocurrency Case

In the Northern District of Georgia, federal prosecutors unsealed a five-count indictment charging four North Korean nationals—Kim Kwang Jin, Kang Tae Bok, Jong Pong Ju, and Chang Nam Il—with wire fraud and money laundering in connection with virtual currency thefts valued at over $900,000.

U.S. Attorney Theodore S. Hertzberg for the Northern District of Georgia said, “The defendants used fake and stolen personal identities to conceal their North Korean nationality, pose as remote IT workers, and exploit their victims’ trust to steal hundreds of thousands of dollars.”

According to court documents, the defendants traveled to the United Arab Emirates and worked as a coordinated team. Kim Kwang Jin, using a stolen American identity, and Jong Pong Ju, operating under the alias “Bryan Cho,” were hired by an Atlanta-based blockchain research company and a Serbian virtual token company, respectively.

After gaining employer trust and access to virtual currency assets, the defendants allegedly executed thefts in February and March 2022. Jong Pong Ju is accused of stealing approximately $175,000 in virtual currency, while Kim Kwang Jin allegedly modified smart contract source code to steal approximately $740,000. The stolen funds were subsequently laundered through the virtual currency mixer Tornado Cash, according to prosecutors.

Multi-State Enforcement Operations

Between June 10-17, 2025, the FBI executed searches at 21 premises across 14 states hosting suspected laptop farms, coordinated by the FBI Denver Field Office. These operations resulted in the seizure of approximately 137 laptops and were conducted in connection with ongoing investigations by U.S. Attorney’s Offices in Colorado, Eastern Missouri, and Northern Texas.

Assistant Director Brett Leatherman of the FBI’s Cyber Division emphasized the scope of the threat: “North Korean IT workers defraud American companies and steal the identities of private citizens, all in support of the North Korean regime.”

Revenue Generation Scale

According to a May 2022 advisory from the FBI, Department of Treasury, and Department of State, individual North Korean IT workers have been known to earn up to $300,000 annually, with the collective operation generating hundreds of millions of dollars each year for designated entities including the North Korean Ministry of Defense and other organizations directly involved in weapons programs.

The Department of State has offered rewards of up to $5 million for information supporting international efforts to disrupt DPRK illicit financial activities, including cybercrimes, money laundering, and sanctions evasion.

Ongoing Initiative

These enforcement actions represent the latest developments in the Department of Justice’s “DPRK RevGen: Domestic Enabler Initiative,” a joint effort by the National Security Division and FBI Cyber and Counterintelligence Divisions targeting North Korean illicit revenue generation schemes and their U.S.-based facilitators.

Assistant Director Roman Rozhavsky of the FBI Counterintelligence Division noted, “North Korean IT workers posing as U.S. citizens fraudulently obtained employment with American businesses so they could funnel hundreds of millions of dollars to North Korea’s authoritarian regime.”

Corporate Vigilance Recommendations

Federal authorities have published multiple advisories warning companies about red flag indicators of potential North Korean IT worker infiltration, including the use of stolen identities, proxy computers, and false websites. The FBI has urged all U.S. companies employing remote workers to maintain heightened vigilance against these sophisticated threats.

The charges described in the indictments are allegations. All defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of law.

Marina Fatina

Marina Fatina

Part of Texas Epoch Media Group since 2012 . Graduated University of Houston with BA in Broadcast Journalism and now work as a local Houston Reporter and videographer for Texas Insider and NTD.

Related Posts

Finally! You Can Keep Your Shoes ON at Airport Security
Insider Reports

Finally! You Can Keep Your Shoes ON at Airport Security

July 13, 2025
Texas’ HB 49 Opens Door to Using Fracking Wastewater in Agriculture — But Is It Safe?
Public Safety

Texas’ HB 49 Opens Door to Using Fracking Wastewater in Agriculture — But Is It Safe?

July 13, 2025
Insider Reports

Flood Scammers Are Targeting Texas Families – Here’s How to Protect Yourself

July 13, 2025

Latest

  • Finally! You Can Keep Your Shoes ON at Airport Security July 13, 2025
  • Texas’ HB 49 Opens Door to Using Fracking Wastewater in Agriculture — But Is It Safe? July 13, 2025
  • Flood Scammers Are Targeting Texas Families – Here’s How to Protect Yourself July 13, 2025
  • Second Chances Are Working: Harris County Program Helps 141 People Clear Their Records July 13, 2025
  • Arlington Finally Got Its Dream Farmers Market – And It’s Everything We Hoped For! July 12, 2025

Trending Now

  • E4 Texas RoundUP: Exclusive Interview: Rob Scott, IT Attorney & Chief Innovator at Monjur

    E4 Texas RoundUP: Exclusive Interview: Rob Scott, IT Attorney & Chief Innovator at Monjur

    267 shares
    Share 107 Tweet 67
  • Texas Dad Advocates for Legal Changes to the Family Court System

    259 shares
    Share 104 Tweet 65
  • Texas Warrior Moms: Perla Muñoz Hopkins

    154 shares
    Share 62 Tweet 39
  • “Memo to Texas Moms: Be the ‘Flashlight’ that protects your children in our world”

    154 shares
    Share 62 Tweet 39
  • E41. Texas RoundUP: Interview With Jim Camp Jr., Owner And Coach At Camp Negotiations

    133 shares
    Share 53 Tweet 33
  • About
  • Advertise
  • Careers
  • Contact
  • About
  • Advertise
  • Careers
  • Contact

© 2024 All rights Reserved. The Texas Insider.
The Texas Insider is a part of Epoch Media Group.

Facebook Instagram X-twitter Youtube