An FBI agent stands with his back turned, displaying the agency’s bold yellow-lettered insignia. (Pic/DOJ/FBI/Gettyimages)
U.S. federal authorities have launched a sweeping crackdown on a sophisticated North Korean remote IT fraud operation, arresting a U.S. national and dismantling multiple so-called “laptop farms” used to mask North Korean identities behind American companies’ remote jobs.
In a coordinated operation spanning 16 states, the Department of Justice (DOJ) and the FBI revealed they seized nearly 200 computers, 29 financial accounts, and 21 fraudulent websites tied to the North Korean scheme.
Understanding North Korean Remote IT Fraud
Authorities said North Korean operatives used stolen identities of more than 80 Americans to pose as remote IT workers, securing jobs with U.S. companies under false pretenses.
These actions, according to the DOJ, not only defrauded employers but also generated revenue for North Korea’s sanctioned weapons programs.
“This is about deception, theft, and sanctions evasion,” said Assistant Attorney General Matthew Olsen. “Let the actions announced today serve as a warning.”
More details are outlined in the official Politico report.
How Laptop Farms Enabled the Scheme
The scheme relied heavily on “laptop farms”—U.S.-based setups where individuals allowed DPRK operatives to remotely access company-issued devices via VPNs and KVM switches. These setups made it appear as if the work was being conducted domestically.
One of those arrested, Zhenxing “Danny” Wang, operated Hopana Tech LLC out of New Jersey and allegedly helped North Korean IT workers obtain remote U.S. jobs. According to prosecutors, he routed over $6.8 million through the scheme.
For further breakdown, the DOJ indictment is available here.
Massive Digital Footprint and Financial Damage
Authorities said that over $5 million in payments were funneled through the fraudulent operations. One incident involved a Georgia-based blockchain company that lost nearly $900,000 in digital assets to an insider in the scheme.
FBI Deputy Assistant Director Brett Leatherman emphasized the national security implications: “These are not just economic crimes; they are threats to U.S. infrastructure and security.”
U.S. Companies Urged to Tighten Verification
The FBI issued a renewed warning to U.S. employers to bolster verification protocols for remote hires, especially in IT roles.
Also Read: Iranian Missiles Intercepted in Strike on US Base in Qatar
Companies are advised to review the joint advisory released in May 2022 on detecting North Korean IT worker tactics, accessible here.
Preventing Future Remote Work Exploits
Cybersecurity experts told CyberScoop that growing remote work infrastructure and freelance platforms have become high-risk channels for these kinds of state-sponsored exploits.
The DOJ is expected to push for stricter KYC policies in staffing platforms to stem this threat.
The DOJ’s full press release and updated enforcement guidance are posted on justice.gov.
