US brings charges in North Korean remote worker scheme that officials say funds weapons program
FILE - The U.S. Department of Justice logo is seen on a podium before a press conference with Attorney General Pam Bondi, Tuesday, May 6, 2025, at the Justice Department in Washington. (AP Photo/Julia Demaree Nikhinson, file)
Tired of too many ads?
Remove Ads
Tired of too many ads?
Remove Ads
The Justice Department announced criminal charges Monday in a scheme by North Korea to fund its weapons program through the salaries of remote information technology workers employed unwittingly by U.S. companies.The charges arose from what law enforcement officials described as a nationwide operation that also resulted in the seizure of financial accounts, websites and laptops that were used to carry out the fraud.Separate cases in Georgia and Massachusetts represent the latest Justice Department effort to confront a persistent threat that officials say generates enormous revenue for the North Korean government and in some cases affords workers access to sensitive and proprietary data from the American corporations that hire them.The scheme involved thousands of workers who, armed with stolen or fake identities, were dispatched by the North Korean government to find work as remote IT employees at American companies, including Fortune 500 corporations. The companies were duped into believing that the workers they hired were based in the U.S. when many were actually stationed in North Korea or China, and the wages the victimized companies paid were transferred into accounts controlled by co-conspirators affiliated with North Korea, prosecutors say."These schemes target and steal from U.S. companies and are designed to evade sanctions and fund the North Korean regime's illicit programs, including its weapons programs," Assistant Attorney General John Eisenberg, the head of the Justice Department's National Security Division, said in a statement.In one case exposed on Monday in federal court in Massachusetts, the Justice Department said it had arrested one U.S. national and charged more than a half dozen Chinese and Taiwanese citizens for their alleged roles in an elaborate fraud that prosecutors say produced several millions of dollars in revenue and affected scores of companies.The conspiracy, court papers say, involved the registration of financial accounts to receive the proceeds and the creation of shell companies and fake websites to make it look like the remote workers were associated with legitimate businesses. Enablers inside the United States facilitated the workers' remote computer access, tricking companies into believing the workers were logging in from U.S. locations.The Justice Department did not identify the companies that were duped, but said that some of the fraudulent workers were able to gain access to and steal information related to sensitive military technology.The case filed in Georgia charges four North Korean IT workers with stealing virtual currency worth hundreds of thousands of dollars from their employers. The defendants remain at large.The Justice Department has filed similar prosecutions in recent years, as well as created an initiative aimed at disrupting the threat.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Time of India
an hour ago
- Time of India
The Real Trump Shocker
The Real Trump Shocker Ruchir Sharma Jul 1, 2025, 20:11 IST IST It's incredible that to date he has had so little impact in America. Markets are strong, growth hasn't slowed, and treasury's recording revenue from tariffs but tariffs aren't impacting prices. It's suddenly fashionable to talk about how the era of ' American exceptionalism ' is ending, given Trump's policies, the dollar's decline, and the fact that so far this year US stock market is underperforming its international rivals by the widest margin since 1987. The surprise however is that despite the shocks emanating from Washington and West Asia, US stocks are still grinding higher. And so are US bond prices, despite the exploding US deficit. American market performance is less exceptional because the rest of the world is rising, not because US is declining.
Mint
an hour ago
- Mint
Satellite images capture activity at Iran's Fordow nuclear site after US Strikes
Satellite images show Iran has built a new access road at its Fordow uranium enrichment site and moved in construction equipment that could be used to assess the damage done to the key underground nuclear facility by last month's U.S. airstrike. The imagery captured over the weekend by Maxar Technologies, a commercial satellite company, shows a new road up the mountain where the Fordow nuclear facility is located along with a number of vehicles, including what analysts have identified as an excavator and a mobile crane. An analysis of the images by the Institute for Science and International Security, a think tank studying the Iranian nuclear program, said the excavator was likely preparing a staging area to send cameras or personnel down the holes made by American bombs to inspect the damage done to the underground facility. American long-range bombers dropped 12 huge 'bunker buster' bombs on the facility on June 22. The 30,000-pound Massive Ordnance Penetrator weapons were designed to pierce deep into the mountain before exploding underground, leaving behind holes that can be seen in satellite photos. The Institute for Science in its analysis said it observed no visible activity at Fordow's tunnel entrances, which were filled in. Several of the trucks visible in the satellite images appear to be dump trucks used to haul away debris. The images have been released during an debate over the extent of the damage from the U.S. airstrikes, which followed days of Israeli strikes on the country. President Trump and his administration say the strikes by bunker busters and cruise missiles on the key Fordow, Natanz and Isfahan sites 'obliterated' Iran's nuclear capabilities. An initial assessment by the Defense Intelligence Agency that surfaced last week said the strikes likely only set back the Iranian nuclear program by a few months. The White House has pushed back on the report. Nuclear experts including former U.S. officials say that a seemingly small setback could significantly shift the diplomatic and military calculus around Iran's nuclear program. One question surrounding the future of Iran's nuclear program is the fate of its stockpile of highly enriched uranium and the centrifuges used to enrich the fuel. Some of the equipment and material may have been moved from Iran's nuclear sites before the U.S. attack, nuclear experts say. The International Atomic Energy Agency's inspectors lost the ability to track Iran's manufacturing of centrifuges because of restrictions imposed by Iran. The restrictions were in response to Trump's withdrawal in 2018 from the 2015 international agreement designed to limit Iran's nuclear program in exchange for sanctions relief. Rafael Mariano Grossi, the IAEA's director general, said on Sunday that Iran could have enough centrifuges spinning in a matter of months, if it decides, to resume enriching uranium. 'It is clear that there has been severe damage, but it's not total damage,' he said. 'The industrial capacity is there. Iran is a very sophisticated country in terms of nuclear technology, as is obvious. So you cannot disinvent this,' he said in an interview with CBS's 'Face the Nation.' Write to Jared Malsin at
Time of India
an hour ago
- Time of India
US cracks down on North Korean-backed fraud ring that netted millions in crypto and cash
The US government announced a big crackdown on an international fraud ring linked to North Korea, involving North Korean IT workers and other conspirators. More than a dozen people were named in two new indictments, including a man from New Jersey called Zhenxing 'Danny' Wang. The fraud ring made over $5 million illegally and took hundreds of thousands in fees from US conspirators. Four North Korean nationals were charged for stealing nearly $1 million in cryptocurrency in a separate indictment, as per reports. Authorities searched 29 'laptop farms', places where laptops were used for the scam, in 16 US states and seized 29 financial accounts used to launder money and crypto. The scheme involved stealing identities of over 80 Americans and getting fake remote jobs at more than 100 companies, including many big Fortune 500 firms, as per the report by Fortune. North Korean IT workers traveled to the United Arab Emirates, used stolen IDs to pose as remote workers, got jobs at American companies, and stole digital currency to help fund North Korea's nuclear weapons program. The fraud evolved from using fake IDs to creating American front companies that helped hide the North Korean workers' true identity and made the scheme look real. These front companies received laptops sent by US companies for remote workers. The laptops were hosted at 'laptop farms' to let North Korean workers access them remotely, as per the report by Fortune. Live Events The stolen money was sent to North Korea's leadership to support their weapons and missile programs. FBI Assistant Director Roman Rozhavsky said North Korea uses fraud and identity theft to fund its weapons programs, but the FBI is working hard to stop them. Thousands of trained North Korean IT workers are spread worldwide, tricking companies into hiring them remotely to steal money and gather intelligence. The UN estimates this scheme earns North Korea between $200 million and $600 million yearly, not counting crypto theft which could be billions, as mentioned by Fortune report. Fake companies, real damage US Attorney Theodore Hertzberg said these charges warn the public about dangers from state-sponsored cybercriminals and urged companies to carefully check remote workers. Hertzberg advised companies to hire Americans and verify employees thoroughly, preferably in person, especially in the virtual currency space. Zhenxing 'Danny' Wang founded a fake software company called Independent Lab. Laptops were sent to him at his home where he installed remote software for North Korean workers overseas to use. Wang collected payment from US companies and sent the money to overseas conspirators. ALSO READ: Lady Gaga a no-show at Jeff Bezos wedding after reported clash over multi-million dollar fee Other accomplices included people in New York, California, and even an active-duty US military member, hosting laptop farms for money. The fraud caused at least four big companies to lose $100,000 or more each. The fraud also involved a California defense contractor from which sensitive military tech documents were stolen, as per the Fortune report. The fraud affected companies in many states across the US, including California, Massachusetts, New York, New Jersey, Florida, Georgia, and more. Security expert Michael Barnhart said the arrests show North Korean IT workers don't just steal money but can also harm national security by accessing trusted company networks. Barnhart warned companies to rethink hiring processes to avoid such threats. Assistant Attorney General John Eisenberg said the Justice Department will keep fighting these cyber-enabled networks to stop North Korea's illicit programs. The second indictment described four North Korean IT workers who used fake IDs to get jobs at US companies in Atlanta and stole nearly $1 million in crypto, according to the report by Fortune. Stolen crypto and cover-up tricks They laundered the stolen crypto to hide its origin before sending it to North Korea. One worker, Kim Kwang Jim, used a fake Portuguese ID to get hired and then stole millions of crypto tokens by changing the company's smart contract code. Kim tried to excuse the theft by blaming a 'github refactor' but was accused via Telegram messages by the company founder. Another worker, Jong Pong Ju, used the fake name 'Bryan Cho' to get hired and stole crypto worth about $175,000. Jong helped hire another fake employee called 'Peter Xiao,' who was really another defendant, as stated by Fortune report. Jong sent a video using a fake Malaysian driver's license to prove his fake identity to the company and gained more access. After stealing crypto, Jong said he 'accidentally dropped the private key' in a public file on Github, as a cover story. The stolen crypto was laundered using a crypto mixer called Tornado Cash, which hides the money's trail. Kang Tae Bok, another defendant, opened accounts with fake IDs to receive the mixed crypto funds. The FBI will soon release a new 'Wanted' poster for these defendants. Tornado Cash and Wang did not respond to requests for comments, as per the Fortune report. US Attorney Hertzberg said the case shows the danger North Korea poses by using fake remote workers and that the US will prosecute anyone stealing from American companies. FAQs Q1. How did North Korean hackers steal millions from US companies? They used fake identities and front companies to get remote jobs and stole money and cryptocurrency. Q2. What is the US doing to stop North Korean fraud schemes? The US government is arresting suspects, shutting down fake companies, and warning businesses to check remote workers carefully. Economic Times WhatsApp channel )
