North Korea’s Global Scheme: Unraveling a Multimillion-Dollar Scam

Federal authorities have uncovered a complex scheme by the Democratic People’s Republic of North Korea (DPRK) to fund its regime through remote IT work for U.S. companies. The Department of Justice (DOJ) announced two indictments, tech and financial seizures, and an arrest, revealing the scope of the operation. North Korean actors worked with individuals in the U.S., China, the United Arab Emirates, and Taiwan to obtain employment with over 100 U.S. companies, including Fortune 500 companies .

The schemes involved U.S.-based individuals creating front companies and fraudulent websites to promote the legitimacy of remote workers, while hosting laptop farms where remote North Korean IT workers could access company-provided laptop computers. In another scheme, IT workers in North Korea used false identities to gain employment with a blockchain research and development company in Atlanta, Georgia, and steal virtual currency worth over $900,000. The DOJ seized 17 web domains and 29 financial accounts holding tens of thousands of dollars, used to launder revenue for the North Korean regime.

The indictments allege that the defendants compromised the identities of over 80 people in the U.S. to obtain remote jobs at more than 100 companies, causing at least $3 million in damages and losses. The DOJ emphasized the threat posed by North Korean cyber operatives, who have been trained to blend into the global digital workforce and systematically target U.S. companies. The agency vowed to continue protecting U.S. businesses and ensuring they are not inadvertently fueling the DPRK’s unlawful ambitions.