DOJ Charges North Koreans for Crypto Theft
The United States Department of Justice (DOJ) has launched coordinated enforcement actions against an intricate operation allegedly run by North Korea, designed to infiltrate American companies and illicitly acquire crypto assets. According to the DOJ, North Korean nationals systematically posed as US citizens to secure remote IT jobs, with the dual aim of pilfering sensitive company data and laundering the resulting cryptocurrency earnings. These funds are believed to be channeled directly to support the sanctioned regime’s state programs, including its weapons development.
In a detailed statement, the DOJ announced significant progress in its investigation, including the filing of two indictments, one arrest, searches conducted across 16 states, and the seizure of 29 financial accounts linked to the illicit flow of funds. Authorities revealed that the scheme exploited the stolen identities of over 80 Americans, using them to fraudulently obtain work-from-home positions at more than 100 companies, notably including several Fortune 500 firms. These roles provided the perpetrators with regular salaries and, more critically, unauthorized access to sensitive corporate information. The operation has reportedly inflicted at least $3 million in damages through legal, cybersecurity, and operational costs incurred by the affected companies.
One federal indictment in Georgia specifically outlined how four North Korean nationals are alleged to have stolen over $900,000 in cryptocurrency from two US-based firms. The stolen digital assets were subsequently routed through mixing services, such as Tornado Cash, to obscure their transaction trails, before being withdrawn via accounts established with falsified Malaysian documentation. Court documents explicitly indicate that these funds were utilized to circumvent US sanctions and provide financial backing for North Korea’s regime.
The extensive nature of the operation suggests a global network of facilitators. Individuals based in the United States, China, the United Arab Emirates, and Taiwan reportedly assisted North Korean operatives in establishing front companies and creating fraudulent websites to bolster their remote job applications. Furthermore, these collaborators are accused of hosting “laptop farms,” which allowed North Korean workers to remotely access US employer-provided systems, maintaining the facade of legitimate remote employment.
Assistant Attorney General John A. Eisenberg of the DOJ’s National Security Division underscored the severity of these actions, stating: “These schemes target and steal from US companies and are designed to evade sanctions and fund the North Korean regime’s illicit programs, including its weapons programs.” Federal agencies have stressed the national security implications of such schemes and urged heightened vigilance from companies. FBI Cyber Division Assistant Director Brett Leatherman warned that “North Korean IT workers defraud American companies and steal the identities of private citizens, all in support of the North Korean regime,” adding that operators of laptop farms should anticipate scrutiny and enforcement.
The FBI estimates that this campaign represents an organized effort to funnel potentially hundreds of millions of dollars into the North Korean economy, posing a direct threat to US businesses and citizens. Assistant Director Roman Rozhavsky of the FBI’s Counterintelligence Division further emphasized the geopolitical dimension, stating that “North Korea remains intent on funding its weapons programs by defrauding US companies and exploiting American victims of identity theft.” In response, the FBI is advising companies to implement increased due diligence protocols when hiring remote IT personnel, particularly given the proliferation of decentralized digital workforces.