North Korean IT Workers Indicted for Fraud Schemes Targeting U.S. Businesses

BOSTON, Mass. — The U.S. Department of Justice announced Monday a crackdown on North Korean cyber operations that have defrauded more than 100 companies, including several Fortune 500 corporations. A series of indictments revealed a scheme that generated over $5 million in revenue for the North Korean regime through fake remote information technology jobs.

North Korean operatives, using stolen identities of U.S. citizens, obtained positions at various companies, allowing them to further fund illicit weapons programs. U.S. Attorney Leah Foley described the threat as both real and immediate, highlighting that thousands of North Korean trained IT operatives are infiltrating global digital workforces.

Among those indicted is Zhenxing Wang, a U.S. citizen from New Jersey, who allegedly created front companies and facilitated remote access to U.S. company laptops using specialized technology. The indictment also charges several foreign nationals from China and Taiwan, outlining how they helped North Korean workers falsely integrate into American companies.

Assistant Attorney General John Eisenberg noted that these cyber schemes are designed to evade sanctions, with profits funneled back to North Korea. “We remain committed to disrupting these operations and holding those accountable who exploit American businesses,” Eisenberg said.

The indictment details how U.S. facilitators received compensation for hosting laptops that North Korean operatives used for illegally accessed employment. From 2021 through late 2024, the conspirators managed to compromise the identities of over 80 people, conducting remote work for goods in demand by U.S. companies.

During this time, companies incurred damages and losses totaling at least $3 million, caused by compliance costs and identification recovery. Among the targeted businesses were technology firms, including a defense contractor that develops sensitive military equipment.

In response to these crimes, federal authorities also seized 17 web domains linked to the fraudulent activities and secured multiple financial accounts that were used to launder the North Korean funds. The breadth of this operation signifies a concerning trend of cyber infiltration aimed at generating support for North Korea’s weapons programs through economic exploitation of the U.S.

“Our fight against these sophisticated threats will not cease,” U.S. Attorney Theodore Hertzberg said, emphasizing plans to proactively protect businesses against such deceptive practices.