The United States Department of Justice (DOJ) has disclosed a wide-ranging enforcement operation targeting an alleged North Korean effort to infiltrate the American technology sector via covert remote IT workers.
The scheme, reportedly spanning several years, is said to have generated more than $5 million in illicit revenue for the Democratic People’s Republic of Korea (DPRK) and has been linked to both data theft and the regime’s nuclear weapons financing.
Announced on Monday, the multi-state initiative culminated in the arrest and indictment of Zhenxing “Danny” Wang, a U.S. citizen based in New Jersey. Wang is accused of orchestrating a fraud network that facilitated employment for North Korean IT operatives within U.S.-based technology companies. According to prosecutors, Wang’s role included creating fictitious identities, managing fraudulent job placements, and laundering proceeds through front companies and bank accounts.
The indictment states that from 2021 to 2024, Wang and his co-conspirators used stolen or fabricated identities to impersonate more than 80 individuals, securing remote positions at over 100 U.S. firms. The affected companies reportedly incurred at least $3 million in damages, including legal fees, security remediation, and reputational harm.
Leah B. Foley, U.S. Attorney for the District of Massachusetts, noted the scale of the operation: “Thousands of North Korean cyber operatives have been trained and deployed by the regime to blend into the global digital workforce and systematically target U.S. companies.”
In addition to Wang, federal prosecutors announced charges against eight other individuals: six Chinese nationals and two Taiwanese citizens. They face allegations including conspiracy to commit wire fraud, money laundering, identity theft, and unauthorised access to computer systems. The group is further accused of violating U.S. sanctions law by aiding DPRK nationals in obtaining employment within restricted sectors.
A notable feature of the operation was the use of so-called “laptop farms” — physical sites within the U.S. where clusters of computers were made accessible remotely to North Korean operatives. The DOJ revealed that these laptop farms were set up in at least 21 locations across 14 states, all of which were raided by the Federal Bureau of Investigation in June. A total of 137 laptops were seized in those searches.
The network also utilised keyboard-video-mouse (KVM) switches to facilitate remote access, allowing DPRK operatives to control U.S.-based hardware and avoid detection. In addition, shell companies were allegedly established to provide a façade of legitimacy, enabling the transfer of payments and concealing the true identities and locations of the workers.
Among the most serious allegations is the theft of sensitive corporate data. One of the North Korean operatives is said to have exfiltrated proprietary source code from a California-based defence contractor specialising in artificial intelligence systems. The DOJ has not publicly named the company involved.
The operation also included the seizure of digital infrastructure and financial assets linked to the scheme. Authorities reported confiscating 21 web domains, 29 financial accounts allegedly used to launder funds, and more than 70 laptops and remote-access devices.
In a separate but related case, five North Korean nationals were indicted for wire fraud and money laundering tied to cryptocurrency theft. Using fake or stolen identities, the individuals allegedly stole over $900,000 in digital assets from two unidentified firms.
The DOJ’s actions form part of a broader U.S. strategy aimed at disrupting the DPRK’s overseas income streams, which are heavily reliant on cybercrime and illicit labour exports. According to American and allied intelligence assessments, Pyongyang deploys thousands of trained cyber operatives across Asia, the Middle East, and increasingly via remote access to Western digital infrastructure, in pursuit of funds to support its nuclear and ballistic missile programmes.
The Treasury Department has previously warned companies in the United States and allied nations to increase scrutiny of remote hires, particularly in software development and IT support roles, where North Korean workers have attempted to gain employment under false pretences.
The Department of Justice has stated that investigations remain ongoing, and further charges may follow. The case marks one of the most extensive documented examples of North Korea’s use of cyber-enabled economic operations within U.S. borders.
Read also:
OpenAI Loses Key Researchers to Meta, Reassesses Strategy to Retain Talent
