For years, the North Korean government has been quietly generating revenue in violation of international sanctions by sending its citizens abroad to apply for remote tech jobs, presenting a significant security threat. Recently, the U.S. Department of Justice (DOJ) announced a major crackdown on this scheme, revealing that over 80 American identities have been stolen for the operations.
In the wake of this revelation, the DOJ conducted a coordinated operation, leading to the arrest of one individual and indictments against two Americans involved in enabling North Korean tech worker impersonators. Authorities identified and searched 29 "laptop farms" in 16 states, seizing approximately 200 computers, 21 web domains, and multiple financial accounts linked to the illicit activities. The DOJ stated that North Korean operatives did not just fabricate identities but directly stole the identities of American citizens to secure employment at more than 100 U.S. companies, funneling funds back to the North Korean regime.
Michael Barnhart, a North Korean hacking expert at DTEX, noted the significance of shutting down these laptop farms, calling it a "massive" step in combating such operations. Among the Americans charged are Kejia and Zhenxing Wang from New Jersey. They are accused of helping the North Koreans by facilitating remote access to potentially sensitive information and facilitating the creation of shell companies and bank accounts to hide the illicit earnings of the scheme.
To create cover identities, the Wangs allegedly accessed private records of over 700 individuals, employing stolen driver’s licenses and Social Security cards to enable North Koreans to apply for jobs under false pretenses. Barnhart suggested that the stolen identities likely came from dark web forums, indicating that the 80-plus identities mentioned by the DOJ represent only a small fraction of thousands available from previous cyber incidents.
The DOJ’s actions are part of a broader effort to thwart North Korea’s infiltration of U.S. businesses, but experts caution that this may only be a temporary setback. Many operatives likely remain in North Korea and China, ready to adapt and continue their strategies. As Barnhart cautioned, "this is going to put a heavy dent in what they’re doing. But as we adapt, they adapt.
