Note: This press release has been updated to reflect new information regarding the guilty plea of one defendant in the District of Massachusetts.
The Justice Department announced today coordinated actions against the Democratic People’s Republic of North Korea (DPRK) government’s schemes to fund its regime through remote information technology (IT) work for U.S. companies. These actions include two indictments, an information and related plea agreement, an arrest, searches of 29 known or suspected “laptop farms” across 16 states, and the seizure of 29 financial accounts used to launder illicit funds and 21 fraudulent websites.
According to court documents, the schemes involve North Korean individuals fraudulently obtaining employment with U.S. companies as remote IT workers, using stolen and fake identities. The North Korean actors were assisted by individuals in the United States, China, United Arab Emirates, and Taiwan, and successfully obtained employment with more than 100 U.S. companies.
As alleged in court documents, certain U.S.-based individuals enabled one of the schemes by creating front companies and fraudulent websites to promote the bona fides of the remote IT workers, and hosted laptop farms where the remote North Korean IT workers could remote access into U.S. victim company-provided laptop computers. Once employed, the North Korean IT workers received regular salary payments, and they gained access to, and in some cases stole, sensitive employer information such as export controlled U.S. military technology and virtual currency. In another scheme, North Korean IT workers used false or fraudulently obtained identities to gain employment with an Atlanta, Georgia-based blockchain research and development company and stole virtual currency worth approximately over $900,000.
“These schemes target and steal from U.S. companies and are designed to evade sanctions and fund the North Korean regime’s illicit programs, including its weapons programs,” said Assistant Attorney General John A. Eisenberg of the Department’s National Security Division. “The Justice Department, along with our law enforcement, private sector, and international partners, will persistently pursue and dismantle these cyber-enabled revenue generation networks.”
“North Korean IT workers defraud American companies and steal the identities of private citizens, all in support of the North Korean regime,” said Assistant Director Brett Leatherman of FBI’s Cyber Division. “That is why the FBI and our partners continue to work together to disrupt infrastructure, seize revenue, indict overseas IT workers, and arrest their enablers in the United States. Let the actions announced today serve as a warning: if you host laptop farms for the benefit of North Korean actors, law enforcement will be waiting for you.”
“North Korea remains intent on funding its weapons programs by defrauding U.S. companies and exploiting American victims of identity theft, but the FBI is equally intent on disrupting this massive campaign and bringing its perpetrators to justice,” said Assistant Director Roman Rozhavsky of the FBI Counterintelligence Division. “North Korean IT workers posing as U.S. citizens fraudulently obtained employment with American businesses so they could funnel hundreds of millions of dollars to North Korea’s authoritarian regime. The FBI will do everything in our power to defend the homeland and protect Americans from being victimized by the North Korean government, and we ask all U.S. companies that employ remote workers to remain vigilant to this sophisticated threat.”
Zhenxing Wang, et al. Indictment, Seizure Warrants, and Arrest – District of Massachusetts
Today, the United States Attorney’s Office for the District of Massachusetts and the National Security Division announced the arrest of U.S. national Zhenxing “Danny” Wang of New Jersey pursuant to a five-count indictment. The indictment describes a multi-year fraud scheme by Wang and his co-conspirators to obtain remote IT work with U.S. companies that generated more than $5 million in revenue. The indictment also charges Chinese nationals Jing Bin Huang (靖斌 黄), Baoyu Zhou (周宝玉), Tong Yuze (佟雨泽), Yongzhe Xu (徐勇哲 andيونجزهي أكسو), Ziyou Yuan (زيو) and Zhenbang Zhou (周震邦), and Taiwanese nationals Mengting Liu (劉 孟婷) and Enchia Liu (刘恩) for their roles in the scheme. A second U.S. national, Kejia “Tony” Wang of New Jersey, has agreed to plead guilty for his role in the scheme and was charged separately in an information unsealed today.
“The threat posed by DPRK operatives is both real and immediate. Thousands of North Korean cyber operatives have been trained and deployed by the regime to blend into the global digital workforce and systematically target U.S. companies,” said U.S. Attorney Leah B. Foley for the District of Massachusetts. “We will continue to work relentlessly to protect U.S. businesses and ensure they are not inadvertently fueling the DPRK’s unlawful and dangerous ambitions.”
... continue reading