US DOJ Unveils Major Cybercrime Scheme Involving North Korean Workers

The U.S. Department of Justice (DOJ) has uncovered a major cybercrime scheme involving North Korean IT workers who infiltrated over 100 American companies, including Fortune 500 firms and defense contractors, through the use of false identities and remote access. The DOJ alleged that these individuals, operating under fabricated identities, were able to access sensitive corporate data, steal financial assets, and exploit U.S. companies for their own gain.

In one of the most damaging aspects of the case, North Korean IT workers used fake identities to gain employment with a blockchain research and development company in Atlanta, Georgia, ultimately stealing over $900,000 in virtual currency. The DOJ claims that the scheme involved a coordinated effort with individuals in the U.S., China, the United Arab Emirates, and Taiwan, all working together to facilitate the fraudulent activities.

As part of the ongoing investigation, the DOJ unsealed a five-count indictment against Zhenxing Wang, a U.S. national living in New Jersey, who was subsequently arrested for his involvement in the scheme. The indictment also named several Chinese and Taiwanese nationals, including Jing Bin Huang, Baoyu Zhou, Tong Yuze, Yongzhe Xu, Ziyou Yuan, Zhenbang Zhou, Mengting Liu, and Enchia Liu.

North Korea swiftly condemned the DOJ’s actions, with the North Korean news agency KCNA reporting that a spokesperson for the DPRK Foreign Ministry accused the U.S. of engaging in a ‘smear campaign’ and violating the sovereignty of the Democratic People’s Republic of Korea (DPRK). The spokesperson claimed that the allegations were fabricated to tarnish the image of North Korea and to serve as a political weapon, rather than a genuine investigation into cybercrime.

‘The recent incident is an absurd smear campaign and grave violation of sovereignty aimed at tarnishing the image of our state as it is a continuation of the hostile move of the successive U.S. administrations that have talked much about the non-existent ‘cyber threat’ from the DPRK,’ the spokesperson reportedly said. ‘The Foreign Ministry of the DPRK expresses serious concern over the U.S. judicial authorities’ provocation which is threatening and encroaching on the security, rights and interests of our citizens by fabricating the groundless ‘cyber’ drama, and strongly denounces and rejects it.’

Additionally, the DOJ highlighted that the defendants allegedly compromised the identities of over 80 individuals in the U.S. to gain access to legitimate job positions at more than 100 companies. As a result, victims faced significant financial losses, including legal fees, computer network remediation costs, and other damages totaling at least $3 million. The DOJ also stated that one of the companies involved was a defense contractor that developed artificial intelligence-powered equipment and technology, potentially compromising International Traffic in Arms Regulations (ITAR) data.

The DOJ’s investigation also led to the seizure of 17 web domains and 29 financial accounts linked to the scheme, which were used to launder revenue for the North Korean regime. Additionally, the DOJ unveiled another part of the scheme, resulting in a five-count wire fraud and money laundering indictment against four North Korean nationals: Kim Kwang Jin, Kang Tae Bok, Jong Pong Ju, and Chang Nam Il. These suspects are currently at large and wanted by the FBI.