The United States Department of Justice (DOJ) has revealed coordinated enforcement actions against an alleged North Korean operation designed to infiltrate US companies and steal crypto assets.
Authorities say the scheme involved the use of stolen identities from over 80 Americans to fraudulently obtain work-from-home jobs at more than 100 companies, including several Fortune 500 firms.
One federal indictment in Georgia outlined how four North Korean nationals allegedly stole over $900,000 in cryptocurrency from two US firms.
The operation reportedly involved assistance from individuals based in the United States, China, the United Arab Emirates, and Taiwan. These collaborators allegedly helped North Korean operatives create front companies and fraudulent websites to support their remote job applications.
Authorities say they also hosted “laptop farms” where North Korean workers could access US employer-provided systems remotely. Assistant Attorney General John A. Eisenberg of the DOJ’s National Security Division stated:
These schemes target and steal from US companies and are designed to evade sanctions and fund the North Korean regime’s illicit programs, including its weapons programs.
Federal agencies emphasized the national security implications of such schemes. FBI Cyber Division Assistant Director Brett Leatherman. noted:
North Korean IT workers defraud American companies and steal the identities of private citizens, all in support of the North Korean regime.
Assistant Director Roman Rozhavsky of the FBI’s Counterintelligence Division further highlighted that the effort was not merely criminal but geopolitical, stating:
North Korea remains intent on funding its weapons programs by defrauding US companies and exploiting American victims of identity theft.
Meanwhile, the FBI is calling on companies to increase due diligence when hiring remote IT personnel, especially amid the rise of decentralized digital workforces.
Featured image created with DALL-E, Chart from TradingView
