
Authorities Reveal Operations of North Korean IT Workers and Their Accomplices in the US

Businesses should meticulously authenticate the identities of their remote staff to thwart fraudulent activities and scams.

U.S. officials expose North Korean IT operatives and their American co-conspirators

The FBI has issued a warning to U.S. businesses, urging them to exercise caution when screening their remote employees to avoid falling victim to such ruses. The advisory comes amid ongoing investigations into a scheme in which North Korean actors have been accused of stealing and laundering cryptocurrencies, compromising the identities of American citizens, and accessing sensitive employer data.

The FBI has been actively investigating this matter, conducting searches at 21 "known and suspected laptop farms" across 14 states. These searches, which were part of open investigations in Colorado, Missouri, and Texas, led to the seizure of more than 130 laptops.

The operation, which ran from 2021 until October 2024, saw U.S.-based facilitators setting up shell companies to legitimise their activities and transferring money to overseas co-conspirators. Four North Koreans are accused of stealing and laundering cryptocurrencies valued at over $900,000 from two companies; they are not named here.

Authorities have charged four North Korean nationals with wire fraud and money laundering in a separate case, involving the theft and laundering of cryptocurrency valued at over $900,000 from two companies. This scheme also saw North Korean IT workers accessing sensitive employer data, including restricted data from a California-based defence contractor that develops artificial intelligence-powered equipment and technologies.

The FBI, in a statement, reaffirmed its commitment to defending the homeland and protecting Americans from being victimized by the North Korean government. A senior FBI official said there is still work to be done and that the bureau continues to grow and adapt with this threat as it evolves and changes.

The government's investigation into North Korea's deployment of IT workers abroad to illegally earn money for the regime is gaining momentum, with the Department of Justice announcing an investigation into this matter.

Corporate stakeholders are expressing a growing concern about the risk posed by such schemes, with many seeking to better understand the risk calculus of their technology stacks, asking the question: Are we a target?

The scheme disrupted by the authorities in October 2024 saw multiple U.S.-based facilitators, including New Jersey residents Zhenxing Wang and Kejia Wang, working with foreign nationals to compromise the identities of over 80 U.S. citizens and get jobs at over 100 U.S. companies, resulting in at least $3 million in expenses. Zhenxing Wang was arrested, while the status of Kejia Wang was not immediately provided.

In addition to the seizure of laptops and other devices, the FBI and the Defense Criminal Investigative Service also seized 17 more websites, along with 29 money-laundering accounts that the government said held "tens of thousands of dollars in funds."

One California resident who helped facilitate the operation was an active-duty U.S. military service member with a Secret security clearance. This incident underscores the need for vigilance and careful screening of remote employees, as well as the ongoing threat posed by North Korea's IT worker scheme.

The FBI's warning and the ongoing investigations highlight the pervasive nature of North Korea's IT worker scheme, which represents "both a threat to U.S. national security and [a cause of] significant losses to our private sector industries." As such, it is crucial for businesses to remain vigilant and take necessary precautions to protect themselves from such threats.
