DOJ Indictments, Enforcement Actions Follow Nationwide Search for ‘Laptop Farms’
The U.S. Department of Justice announced a crackdown Monday on scams that helped North Korean operatives infiltrate the remote IT workforce or more than 100 U.S. companies, outlining how hackers and IT workers posing as Americans stole sensitive data and funneled millions back to Pyongyang’s weapons programs.
See Also: New Attacks. Skyrocketing Costs. The True Cost of a Security Breach.
The department unsealed two indictments in Georgia and Massachusetts and announced the seizure of 29 financial accounts used to launder illicit funds and 21 fraudulent websites after nationwide searches of 29 suspected “laptop farms across 16 states.” Prosecutors charged U.S. citizen Zhenxing “Danny” Wang of New Jersey and unsealed a separate five-count indictment in Georgia against four North Korean nationals – Kim Kwang Jin, Kang Tae Bok, Jong Pong Ju and Chang Nam Il – accused of stealing more than $900,000 in virtual currency and laundering the proceeds.
North Korean workers used stolen identities, fake websites and U.S. shell companies to land hundreds of jobs – sometimes inside defense firms handling export-controlled technology, senior Justice officials told reporters during a media briefing Monday. Once inside, workers exfiltrated sensitive data and laundered wages through a web of complex international networks, DOJ said.
“Not only are these individuals evading sanctions and generating revenue for the North Korean regime but they also pose a large national security threat,” one senior official said, citing Pyongyang’s exfiltration of sensitive data from major U.S. companies. North Korean operatives built elaborate fake identities by buying stolen Social Security numbers and using fake driver’s licenses to pass background checks at U.S. firms.
In the Massachusetts case, prosecutors say in unsealed court documents that U.S. facilitators helped North Korean workers infiltrate more than 100 companies, including a California defense contractor whose systems they accessed to steal data governed by the International Traffic in Arms Regulations. Overall, the scams compromised the identities of more than 80 Americans, generated over $5 million for Pyongyang and left companies facing millions in damages and security costs.
Investigators said the operatives relied on encrypted communication platforms to arrange payments and evade detection, revealing extensive efforts that helped North Koreans infiltrate critical supply chains. In one case, North Koreans posing as IT workers secured jobs at a Georgia-based blockchain research and development firm and stole nearly $740,000 in virtual currency.
John Eisenberg, assistant attorney general for the DOJ’s national security division, said the North Korean schemes “target and steal from U.S. companies and are designed to evade sanctions and fund the North Korean regime’s illicit programs, including its weapons programs.” A press release announcing the enforcement actions said the operatives stole “sensitive employer information such as export controlled U.S. military technology” and warned that most of the operations are still active, putting companies across many sectors at risk.
A May report from cybersecurity firm DTEX described how North Korean operatives – driven more by survival than ideology – are trained from childhood to become military cyber agents and covert IT contractors, funneling tens of millions of dollars to Pyongyang to sidestep Western sanctions. The report warned North Korea’s cyber program is growing, fueled by more aggressive tactics such as using supply chain attacks to breach financial services firms and launching propaganda campaigns (see: North Korea’s Hidden IT Workforce Exposed in New Report).
Officials said the North Korean operatives named in the latest indictments remain at large and gave no timeline or details on plans for their arrest. The Justice Department and FBI did not immediately respond to requests for comment.
Read more on GovInfoSecurity.com
