Feds uncover remote tech workers scheme to benefit North Korea
June 30 (UPI) -- The U.S. Department of Justice on Monday announced a crackdown on North Korea using people to pose as tech workers to earn money and steal sensitive information for the regime.
In two unsealed charging indictments in Massachusetts and Atlanta, schemes were outlined to trick U.S. companies into hiring people who funneled their paychecks to the government and stole sensitive information and cryptocurrency.
The FBI and Justice Department have investigated in 16 states since 2021 with most searches conducted earlier this month. The targeted companies were not announced.
U.S. companies were warned to carefully screen their remote employees to avoid falling victim to similar ruses.
"The FBI will do everything in our power to defend the homeland and protect Americans from being victimized by the North Korean government," Roman Rozhavsky, assistant director of the FBI's Counterintelligence Division, said in a statement.
The phony North Korean workers were assisted by individuals in the United States, China, the United Arab Emirates and Taiwan, DOJ said. They successfully obtained employment with more than 100 U.S. companies, including Fortune 500 ones.
"These schemes target and steal from U.S. companies and are designed to evade sanctions and fund the North Korean regime's illicit programs, including its weapons programs," Assistant Attorney General John A. Eisenberg of the Department's National Security Division said. "The Justice Department, along with our law enforcement, private sector, and international partners, will persistently pursue and dismantle these cyber-enabled revenue generation networks."
DOJ announced searches of 29 known or suspected "laptop farms" across 16 states, and the seizure of 29 financial accounts used to launder illicit funds and 21 fraudulent websites from October 2024 to June.
From June 10-17, the FBI executed searches of 21 premises across 14 states. In total, the FBI seized approximately 137 laptops.
"North Korean IT workers defraud American companies and steal the identities of private citizens, all in support of the North Korean regime," Brett Leatherman, assistant director of the FBI's Cyber Division, said. "That is why the FBI and our partners continue to work together to disrupt infrastructure, seize revenue, indict overseas IT workers and arrest their enablers in the United States. Let the actions announced today serve as a warning: if you host laptop farms for the benefit of North Korean actors, law enforcement will be waiting for you."
Obtained were salary payments, and in some cases, sensitive employer information such as export-controlled U.S. military technology and virtual currency.
In one scheme, they allegedly created front companies and fraudulent websites. They received access to company-provided laptop computers. Obtained were salary payments.
U.S. national Zhenxing "Danny" Wang of New Jersey was arrested in a 50-page, five-count indictment in Massachussets.
The document details a multi-year fraud scheme by Wang and his co-conspirators to obtain remote IT work with U.S. companies that generated more than $5 million in revenue. Several Chinese and Taiwanese nationals were charged but haven't been arrested.
From approximately 2021 until October 2024, the defendants and other co-conspirators compromised the identities of more than 80 U.S. people to obtain remote jobs at more than 100 U.S. companies.
They cost the companies at least $3 million for legal fees, computer network remediation costs, and other damages and losses.
In another scheme, people used false or fraudulently obtained identities to gain employment with an Atlanta-based blockchain research and development company where they stole virtual currency worth approximately $900,000.
The five-count wire fraud and money laundering indictment charged four North Korean nationals. The defendants remain at large and are wanted by the FBI.
These remote works were assisted by individuals in the United States, China, United Arab Emirates and Taiwan.
The U.S. Department of State has offered potential rewards for up to $5 million to disrupt the North Korean illicit financial activities, including for cybercrimes, money laundering and sanctions evasion.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Business Insider
20 minutes ago
- Business Insider
Over 100 US companies hiring remote workers ended up funding Kim Jong Un's weapons programs, DOJ says
The Justice Department said on Monday that it had seized hundreds of computers and accused 13 people of tricking US companies into paying salaries to North Korea. In a new indictment filed in Massachusetts federal court, prosecutors alleged that conspirators fooled over 100 American firms in Washington, D.C., and 27 states. These firms weren't named, but authorities said they include Fortune 500 companies and a defense contractor in California with access to sensitive military technology files. Investigators detailed an elaborate scheme where at least two US citizens worked with North Korean state actors from 2021 to 2024 to steal identities, use them to get people hired in American industries, and then siphon their salaries to Pyongyang. "These schemes target and steal from US companies and are designed to evade sanctions and fund the North Korean regime's illicit programs, including its weapons programs," John Eisenberg, assistant attorney general in the National Security Division, said in a Monday statement. First, the conspirators used online background check services to obtain the personal data of over 80 Americans, the Justice Department said. Using that data, they created fake identities for a network of Chinese and Taiwanese people who lived outside America but posed as US-based IT workers or software engineers looking for remote jobs. Authorities said that once hired, the scammers would ask their employers to send work laptops to homes in New Jersey, New York, and California. But these homes were actually "laptop farms," where the computers were plugged into hard drives that gave user access to IT workers in North Korea, per the Justice Department. At least 29 suspected laptop farms in 16 states were raided by US law enforcement, the department said in its statement. Prosecutors alleged that Wang Zhengxing, one of the US citizens named in the indictment, hosted one of such laptop farm and created shell companies, such as a fake "VC-backed startup" called Tony WKJ, to receive the fake workers' salaries. The money was then sent to North Korea-controlled accounts. Wang has been arrested and faces charges in the five-count indictment, alongside eight other Chinese and Taiwanese citizens. The other US citizen named in court documents, Kejia Wang, is at large. The Justice Department said both men and four other unnamed partners working in the US received at least $696,000 in total from North Korea for their services. Four North Koreans were named in a separate criminal indictment filed in the Northern District Court of Georgia, which accused them of posing as US-based workers and laundering their salaries. They're also accused of stealing data and cryptocurrency from their employers, then lying about the theft. "How many times do I need to tell you??? I didn't do it!!! It's not me!!!" one of the fake workers wrote in a Telegram message to one of these companies in 2022, per the Justice Department. The US has been trying to crack down on what it warns is a wide-scale, concerted effort by North Korea to dupe American firms into hiring its IT workers to fund Pyongyang's government. For years, the FBI and the Justice Department have said the fraud could involve thousands of North Korean workers farming millions of dollars for weapons and missile programs. Other major indictments include the charging of an Arizona woman who was accused in May 2024 of helping North Koreans find work with over 300 companies in the US.
Axios
24 minutes ago
- Axios
Iran-linked hackers threaten to release emails stolen from Trump associates
An Iran -linked cyberattack group that hacked President Trump's 2024 campaign is threatening to release another trove of emails it has stolen from his associates, including White House Chief of Staff Susie Wiles and Roger Stone. The big picture: Reuters first reported the threat on Monday that the Cybersecurity and Infrastructure Security Agency on X called a "calculated smear campaign" — which came the same day as the Trump administration released a report warning that "Iranian Cyber Actors" may target U.S. firms and "operators of critical infrastructure." And it came three days after Trump announced he was halting plans to potentially ease sanctions on Iran after Supreme Leader Ayatollah Ali Khamenei claimed U.S. and Israeli airstrikes on Iran's nuclear facilities didn't cause major damage. Driving the news: Hackers who gave themselves the pseudonym "Robert" told Reuters in online conversations on Sunday and Monday they had around 100 gigabytes of emails involving Wiles, Stone, Trump lawyer Lindsey Halligan and adult film actress Stormy Daniels, and others. They spoke of potentially selling the emails, but did not disclose details of the material. The Justice Department alleged in an indictment last September against three Iranians in the 2024 Trump cyberattack case that Iran's Islamic Revolutionary Guard Corps oversaw the "Robert" hacking drive. What they're saying: CISA spokesperson Marci McCarthy said in a statement posted to X in response to Reuters' report that a "hostile foreign adversary" was "threatening to illegally exploit purportedly stolen and unverified material in an effort to distract, discredit and divide." McCarthy said the "so-called cyber 'attack' is nothing more than digital propaganda and the targets are no coincidence" and that it's designed to "damage President Trump and discredit honorable public servants" who serve the U.S. with distinction.
New York Post
25 minutes ago
- New York Post
DOJ memo outlines plans for ‘prioritizing denaturalization' — aka yanking US citizenship — of individuals charged with certain crimes
The Justice Department will prioritize revoking the US citizenship of individuals charged with certain crimes, according to a memo issued by the agency earlier this month. 'The Civil Division shall prioritize and maximally pursue denaturalization proceedings in all cases permitted by law and supported by the evidence,' read a June 11 'enforcement priorities' memo sent by Assistant Attorney General Brett Shumate to all employees within the DOJ's Civil Division. Shumate noted that the civil division has established several 'categories of priorities for denaturalization cases' in order to 'promote the pursuit of all viable denaturalization cases … and maintain the integrity of the naturalization system while simultaneously ensuring an appropriate allocation of resources.' 'Denaturalization' was among five priorities for the DOJ's civil division listed in a June 11 memo. Getty Images The 10 categories of crimes that could lead to citizenship being stripped range from 'war crimes' to COVID loan fraud, according to the memo. Individuals 'who pose a potential danger to national security, including those with a nexus to terrorism, espionage, or the unlawful export from the United States of sensitive goods, technology, or information raising national security concerns' will be among those prioritized for denaturalization. As will individuals who 'further or furthered the unlawful enterprise of criminal gangs, transnational criminal organizations, and drug cartels.' Various forms of fraud are also listed in the memo, including 'Paycheck Protection Program (PPP) loan fraud and Medicaid/Medicare fraud' and 'fraud against private individuals, funds, or corporations.' The DOJ will also target 'individuals who committed human trafficking, sex offenses, or violent crimes.' Naturalized citizens who didn't disclose previous felonies during the process or acquired their citizenship through 'government corruption' or 'misrepresentation' could also be subject to prioritized denaturalization proceedings. The DOJ, led by Attorney General Pam Bondi, has already stripped the US citizenship of at least one person convicted of possession of child pornography. AP 'Any other cases referred to the Civil Division that the Division determines to be sufficiently important to pursue' will also meet the priority threshold, according to the memo. 'These categories are intended to guide the Civil Division in prioritizing which cases to pursue; however, these categories do not limit the Civil Division from pursuing any particular case, nor are they listed in a particular order of importance,' Shumate noted. 'Further, the Civil Division retains the discretion to pursue cases outside of these categories as it determines appropriate.' Denaturalization is among the DOJ's top five enforcement priorities for the civil division, which also lists 'Combatting Discriminatory Practices and Policies,' 'Ending Antisemitism,' 'Protecting Women and Children' and 'Ending Sanctuary Jurisdictions' as top concerns. At least one person has been denaturalized since the memo was issued. Elliott Duke, a British national convicted of receipt and possession of child pornography in 2014, was stripped of his US citizenship on June 13, according to the DOJ. Duke was granted US citizenship in 2013 after enlisting in the US Army the year prior. He claimed on his 2013 citizenship application that he had never committed a crime for which he was not arrested, but the DOJ determined that in 2012, while serving in Germany, Duke began receiving and distributing child sexual abuse material. Duke's denaturalization case was investigated under 'Operation Prison Lookout,' which the DOJ describes as 'an ongoing national initiative involving the Justice Department and ICE to identify and prosecute sex offenders who have fraudulently obtained United States citizenship.' 'The laws intended to facilitate citizenship for brave men and women who join our nation's armed forces will not shield individuals who have fraudulently obtained US citizenship by concealing their crimes,' Shumate said in a statement. 'If you commit serious crimes before you become a US citizen and then lie about them during your naturalization process, the Justice Department will discover the truth and come after you.'
