The U.S. Department of Justice announced on Monday a significant crackdown against a major cyber operation led by North Korea, alleging the regime utilized remote workers placed covertly into American tech companies to generate revenue, steal data, and siphon cryptocurrency to support North Korea’s nuclear weapons program.
At the center of the multi-state investigation is a U.S. citizen, Zhenxing “Danny” Wang, who was arrested and charged in New Jersey. Officials accuse Wang of masterminding a long-running scheme that secretly employed North Korean IT workers at U.S. technology firms, enabling them to earn money that ultimately benefited the North Korean government. The alleged scheme, according to prosecutors, netted more than $5 million in profits for North Korea.
Wang faces charges including conspiracy to commit wire fraud, identity theft, and money laundering.
Additionally, eight other individuals have been indicted—six Chinese nationals and two Taiwanese citizens—on charges related to conspiracy, money laundering, identity theft, hacking, wire fraud, and sanctions violations, according to the Justice Department.
Prosecutors assert that, between 2021 and 2024, the defendants stole the identities of more than 80 American citizens to fraudulently obtain employment at over 100 U.S. firms, causing approximately $3 million in damages tied to legal expenses and remedial actions tied to data breaches.
Investigators detailed an operation where laptop farms located inside the United States allowed North Korean remote workers to obscure their actual locations. By employing keyboard-video-mouse switches, or KVMs, some conspirators could manipulate several computers simultaneously, further masking their digital footprints. Shell companies were allegedly established to legitimize the hired remote workers in the U.S. and to facilitate the transfer of earnings overseas.
In addition to siphoning money, the accused allegedly stole sensitive corporate data, such as proprietary source code. The DOJ cited a specific incident involving an unnamed California-based defense contractor that specializes in artificial intelligence technology, reportedly compromised by these individuals.
Earlier this month, FBI officials conducted searches across 21 locations in 14 states, seizing 137 laptops and uncovering material evidence related to the broader conspiracy. Furthermore, authorities report confiscating 21 web domains, 29 financial accounts involved in money-laundering transactions totaling tens of thousands of dollars, and an additional 70 laptops and remote-control devices like KVM switches.
Prosecutors also revealed a parallel indictment against five North Korean nationals for wire fraud and money laundering, alleging these individuals stole more than $900,000 in cryptocurrency assets from two undisclosed companies through impersonation and identity theft.
U.S. Attorney Leah B. Foley of Massachusetts emphasized the severity of these infiltration efforts, describing the regime’s deployment as a strategic operation placing “thousands of North Korean cyber operatives” into the global workforce, with the explicit intent of systematically targeting and compromising U.S. businesses.
