US Justice Department Cracks Down on North Korean Remote IT Fraud Scheme

The US Department of Justice (DOJ) has taken nationwide action against a major North Korean fraud operation that exploited remote IT job offers, stealing identities and raking in millions to support the regime's nuclear weapons program.

We've been hearing for years how North Korean hackers and other operatives have been carrying out a novel, complex type of attack by using stolen or fabricated identities, and getting jobs at US companies. Now, authorities have finally managed to put a dent in the entire operation.

How the fraud scheme worked

According to the DOJ, North Korean hackers stole or created fake identities from over 80 Americans, allowing them to get remote IT roles at more than 100 US companies, including firms on the Fortune 500 list.

The hackers operate mostly from North Korea and China, and they rely on US-based facilitators to set up "laptop farms." These are places that North Korean hackers can use to remotely access company-issued computers. Connecting to an office from hardware that's already in the United States and connected to US IP addresses makes them appear more trustworthy.

The DOJ says that US citizens Kejia Wang and Zhenxing Wang have allegedly managed these logistics. The two allegedly established shell companies, created fake websites, and coordinated financial transfers, channeling stolen salaries back to North Korea.

"These schemes target and steal from U.S. companies and are designed to evade sanctions and fund the North Korean regime's illicit programs, including its weapons programs," said Assistant Attorney General John A. Eisenberg of the Department's National Security Division.

Financial damage and security threats

The fraudulent scheme generated over $5 million in revenue for North Korea. In one case, hackers infiltrated an Atlanta-based blockchain firm and stole nearly $900,000 worth of cryptocurrency.

In another situation, foreign operatives accessed sensitive US military-related data protected under the International Traffic in Arms Regulations (ITAR).

In response, the DOJ conducted extensive raids in 16 states, seized some 200 computers and 29 financial accounts, and shut down 21 websites. The State Department announced rewards of up to $5 million for information that helps disrupt similar schemes in the future.