
North Korean tech worker impersonators stole the identities of over 80 Americans, gaining access to sensitive U.S. defense data and laundering over $5 million through a sophisticated criminal network that the Justice Department has now moved to dismantle.
Key Takeaways
- The Justice Department has conducted coordinated raids across 16 states, seizing approximately 200 computers from 29 “laptop farms” used by North Korean IT workers to impersonate Americans.
- North Korean operatives stole sensitive data from over 100 U.S. companies, including a California-based defense contractor, potentially compromising national security.
- The scheme involved the theft of more than 80 American identities, complete with fake driver’s licenses and Social Security cards obtained from dark web forums.
- Two Americans have been indicted and one arrested for helping North Korea generate over $5 million in illicit revenue that funds the regime’s weapons programs.
- A separate indictment charged four North Korean nationals with stealing over $900,000 in virtual currency from compromised systems.
Massive Identity Theft Operation Uncovered
The Justice Department has revealed a complex web of fraud involving North Korean IT workers who stole American identities to infiltrate U.S. companies. These operatives used stolen personal information from dark web forums to create convincing false identities, complete with fraudulent documentation. The sophisticated operation allowed North Korean workers to remotely access laptops at U.S. companies, including defense contractors, giving them access to sensitive information while evading international sanctions designed to isolate the hostile regime.
“These schemes target and steal from U.S. companies and are designed to evade sanctions and fund the North Korean regime’s illicit programs, including its weapons programs,” said Assistant Attorney General John A. Eisenberg of the Justice Department’s National Security Division.
Nationwide Crackdown on “Laptop Farms”
In a sweeping operation, federal authorities executed searches at 29 locations across 16 states, seizing approximately 200 computers from what officials describe as “laptop farms.” These centralized operations served as hubs where North Korean operatives could remotely control computers to maintain their false employment with American companies. The DOJ also seized 21 fraudulent websites and 29 financial accounts used to launder the proceeds back to North Korea, striking a significant blow to the regime’s funding sources.
“The threat posed by DPRK operatives is both real and immediate. Thousands of North Korean cyber operatives have been trained and deployed by the regime to blend into the global digital workforce and systematically target U.S. companies,” said U.S. Attorney Leah B. Foley for the Eastern District of Virginia.
Americans Charged as Facilitators
The investigation led to indictments against two Americans, Kejia Wang and Zhenxing Wang, with Zhenxing Wang already under arrest. These individuals allegedly helped North Korean operatives set up shell companies and maintain the infrastructure needed to impersonate American tech workers. The complex scheme involved collaborators not just in the U.S., but also in China, the United Arab Emirates, and Taiwan, demonstrating the international scope of North Korea’s efforts to circumvent sanctions.
“It’s huge,” said Michael Barnhart, a cybersecurity expert. “Whenever you have a laptop farm like this, that’s the soft underbelly of these operations. Shutting them down across so many states, that’s massive.”
Targeting America’s National Security
The implications of this scheme extend far beyond financial fraud. North Korean operatives gained access to a California-based defense contractor, where they accessed sensitive technical data that could potentially be used to enhance North Korea’s weapons programs. Additionally, a separate indictment in Georgia charged four North Korean nationals with stealing over $900,000 in virtual currency by exploiting their insider access at multiple companies, further demonstrating the regime’s focus on stealing both information and money.
“North Korean IT workers defraud American companies and steal the identities of private citizens, all in support of the North Korean regime,” warned Assistant Director Brett Leatherman of the FBI’s Counterintelligence Division.
This massive crackdown is part of the DPRK RevGen: Domestic Enabler Initiative, a coordinated effort targeting North Korea’s illicit revenue generation schemes. The operation shows that President Trump’s administration is taking concrete steps to protect American businesses and national security from foreign threats, especially those that directly fund the programs of hostile regimes, such as North Korea’s development of nuclear weapons. The DOJ has issued public advisories to help companies identify similar infiltration attempts and protect themselves against them in the future.