The US Department of Justice said it has arrested and indicted a US citizen and indicted eight overseas nationals, as part of a broader enforcement action targeting a North Korean plot that fraudulently placed its citizens in lucrative technical roles with US companies to bring in revenues to support the regime.

Justice officials indicted US citizen Zhenxing “Danny” Wang who allegedly ran a years-long scheme from New Jersey to help place North Korean IT workers into roles at US firms, generating more than $5 million (£3.6m) in revenues for the US-sanctioned country.

Wang was charged with conspiracy to commit wire fraud, money laundering and identity theft.

False identities

Six Chinese nationals and two Taiwanese nationals were charged with conspiracy to commit wire fraud, money laundering, identity theft, hacking and sanctions violations.

“Thousands of North Korean cyber operatives have been trained and deployed by the regime to blend into the global digital workforce and systematically target US companies,” said US attorney for the District of Massachusetts Leah B. Foley.

From 2021 to 2024 the people involved in the scheme impersonated more than 80 US individuals to gain 100 remote jobs at American firms, causing $3m in damages in the form of legal fees, data breach remediation efforts and other costs.

The group allegedly operated multiple laptop farms within the United States that allowed North Korean workers to appear to be US-based employees, as well as running US shell companies to make it appear that the North Korean workers were affiliated with legitimate US businesses.

The scheme also involved stealing sensitive data such as source code from the companies the North Koreans worked for, with the targeted companies including an unnamed California defence contractor that develops AI-powered equipment and technologies, the Justice Department said.

The FBI carried out searches in June at 21 locations across 14 states that were allegedly hosting laptop farms used by the scheme, with 137 laptops seized.

Authorities said they also seized at least 21 web domains, 29 financial accounts used to launder tens of thousands of dollars and more than 70 further laptops.

Crypto theft

In addition, five North Koreans were indicted for wire fraud and money laundering over the theft of $900,000 in cryptocurrency from two unnamed companies while using fake or stolen identities, the Justice Department said.

In December a US federal court in St Louis indicted 14 North Koreans for alleged roles in a scheme that used fully remote IT workers to send $88m back to North Korea over a six-year period.

The overall scheme allegedly uses thousands of North Korean IT workers who use false, stolen or paid-for identities of people in the US and other countries to gain IT jobs at US companies.

The fourteen indicted in December were part of a group of 130 North Korean IT workers who worked for two North Korea-controlled companies, Yanbian Silverstar in China and Volasys Silverstar in Russia.

North Korea is believed to be behind the biggest-ever crypto theft of $1.46bn from exchange Bybit in February of this year.