From Fox News: Federal authorities have unraveled several schemes by the Democratic People’s Republic of North Korea (DPRK) that were used to fund its regime through remote information technology (IT) work for U.S. companies, resulting in two indictments, tech and financial seizures and an arrest.
The Department of Justice (DOJ) said Monday that North Korean actors were helped by individuals in the U.S., China, the United Arab Emirates and Taiwan to obtain employment with over 100 U.S. companies, including Fortune 500 companies.
In one scheme, U.S.-based individuals created front companies and fraudulent websites to promote the legitimacy of remote workers, while hosting laptop farms where remote North Korean IT workers could remotely access company-provided laptop computers.
In another scheme, IT workers in North Korea used false identities to gain employment with a blockchain research and development company in Atlanta, Georgia, and steal virtual currency worth over $900,000.
In a press release on Monday, the Justice Department announced:
According to the indictment, from approximately 2021 until October 2024, the defendants and other co-conspirators compromised the identities of more than 80 U.S. persons to obtain remote jobs at more than 100 U.S. companies, including many Fortune 500 companies, and caused U.S. victim companies to incur legal fees, computer network remediation costs, and other damages and losses of at least $3 million. Overseas IT workers were assisted by Kejia Wang, Zhenxing Wang, and at least four other identified U.S. facilitators. Kejia Wang, for example, communicated with overseas co-conspirators and IT workers, and traveled to Shenyang and Dandong, China, including in 2023, to meet with them about the scheme. To deceive U.S. companies into believing the IT workers were located in the United States, Kejia Wang, Zhenxing Wang, and the other U.S. facilitators received and/or hosted laptops belonging to U.S. companies at their residences, and enabled overseas IT workers to access the laptops remotely by, among other things, connecting the laptops to hardware devices designed to allow for remote access (referred to as keyboard-video-mouse or “KVM” switches).
Kejia Wang and Zhenxing Wang also created shell companies with corresponding websites and financial accounts, including Hopana Tech LLC, Tony WKJ LLC, and Independent Lab LLC, to make it appear as though the overseas IT workers were affiliated with legitimate U.S. businesses. Kejia Wang and Zhenxing Wang established these and other financial accounts to receive money from victimized U.S. companies, much of which was subsequently transferred to overseas co‑conspirators. In exchange for their services, Kejia Wang, Zhenxing Wang, and the four other U.S. facilitators received a total of at least $696,000 from the IT workers.
IT workers employed under this scheme also gained access to sensitive employer data and source code, including International Traffic in Arms Regulations (ITAR) data from a California-based defense contractor that develops artificial intelligence-powered equipment and technologies. Specifically, between on or about Jan. 19, 2024, and on or about April 2, 2024, an overseas co-conspirator remotely accessed without authorization the company’s laptop and computer files containing technical data and other information. The stolen data included information marked as being controlled under the ITAR.
Simultaneously with today’s announcement, the FBI and Defense Criminal Investigative Service (DCIS) seized 17 web domains used in furtherance of the charged scheme and further seized 29 financial accounts, holding tens of thousands of dollars in funds, used to launder revenue for the North Korean regime through the remote IT work scheme.
Previously, in October 2024, as part of this investigation, federal law enforcement executed searches at eight locations across three states that resulted in the recovery of more than 70 laptops and remote access devices, such as KVMs. Simultaneously with that action, the FBI seized four web domains associated with Kejia Wang’s and Zhenxing Wang’s shell companies used to facilitate North Korean IT work.
Justice Department Announces Coordinated, Nationwide Actions to Combat North Korean Remote Information Technology Workers’ Illicit Revenue Generation Schemes
🔗: https://t.co/HNfCvWhLb4 pic.twitter.com/RHPOIJN2lX
— National Security Division, U.S. Dept of Justice (@DOJNatSec) June 30, 2025
Today, the FBI and @TheJusticeDept announced nationwide actions to disrupt North Korean schemes to defraud American companies through remote IT work, which included the arrest of a U.S. national who allegedly hosted a laptop farm for North Korean actors https://t.co/3IC28oaMFa pic.twitter.com/rsx0EPO0nu
— FBI (@FBI) June 30, 2025
READ MORE from Fox News.
Follow us on X (Formerly Twitter.)
The DML News App: www.X.com/DMLNewsApp
