Federal prosecutors have charged multiple people in a nationwide scheme to secretly funnel U.S. wages to North Korea’s government, allegedly to support its nuclear weapons program. The Department of Justice announced the charges Monday, June 30, describing a growing effort by North Korean operatives to bypass U.S. sanctions by posing as remote tech workers for American companies.
What investigators uncovered
The United States has long sanctioned North Korea over national security concerns. But investigators say the country has adapted its tactics, using false identities and overseas locations to gain access to U.S.-based jobs and send the earnings back home.
Download the SAN app today to stay up-to-date with Unbiased. Straight Facts™.
Point phone camera here
The investigation led to two indictments, one arrest and searches at 29 suspected “laptop farms” in 16 states. Authorities also seized 29 financial accounts tied to money laundering and shut down 21 fake websites allegedly used in the scheme.
“North Korean IT workers defraud American companies and steal the identities of private citizens, all in support of the North Korean regime,” said Brett Leatherman, assistant director of the FBI’s cyber division.
How US companies were targeted
North Korean nationals used fake or stolen identities to get hired as remote IT workers by more than 100 U.S. companies, according to court documents. They weren’t acting alone. Officials say they had help from people in the United States, China, the United Arab Emirates and Taiwan.
The DOJ has charged at least nine people with conspiracy to commit wire fraud, money laundering and identity theft, among other offenses.
Accomplices allegedly set up fake businesses and websites to make the workers seem legitimate. They also ran laptop farms, where North Korean workers could remotely log into company-issued computers from overseas and conceal their true locations.
Once hired, the workers collected paychecks and, in some cases, accessed sensitive information. Prosecutors say that included U.S. military technology protected under export controls, as well as virtual currency.
One of those breaches happened at a California-based defense contractor. Between January and April 2024, an overseas co-conspirator accessed the company’s systems without permission and obtained files marked as “controlled” under U.S. export regulations.
Cases in Georgia and Massachusetts surface
In a separate case, four North Korean nationals were indicted in Georgia for stealing more than $900,000 in cryptocurrency from blockchain and virtual token companies. They used false identities to secure employment, gained access to internal systems, and manipulated smart contracts to transfer the funds. Smart contracts are automated programs on blockchain platforms that manage transactions, and in this case, North Korean hackers altered the code to redirect the currency.
The group then used “crypto mixers” like Tornado Cash to launder the money and routed it through exchange accounts opened with fake Malaysian documents.
As part of the investigation, the FBI searched 21 laptop farm locations across 14 states in June, seizing more than 130 laptops tied to the operation.
As the investigation continues, federal officials are offering rewards of as much as $5 million for information exposing North Korea’s illegal money operations.
