US disrupts North Korean IT worker "laptop farm" scheme in 16 states
The U.S. Department of Justice (DoJ) announced coordinated law enforcement actions against North Korean government's fund raising operations using remote IT workers.
North Korean workers use stolen or fake identities created with the help of AI tools to get hired by more than 100 companies in the U.S., believing they employed experts from other Asian countries or the U.S. Their salaries are usually sent to the DPRK regime.
According to court documents, two individuals, Kejia Wang and Zhenxing “Danny” Wang, compromised the identities of more than 80 U.S. citizens to help North Korean workers obtain rmeote jobs at U.S. companies.
The two created multiple shell companies (e.g. Hopana Tech LLC, Tony WKJ LLC, Independent Lab LLC), financial accounts, and fake websites to make it look like the workers were affiliated with legitimate U.S. businesses.
“Danny” Wang, who has been arrested, also hosted company-issued laptops in U.S. homes, connected to KVM switches, and provided remote access to remote DPRK workers.
It is estimated that the particular operation generated more than $5 million in illicit revenue, while U.S. companies incurred an estimated $3 million in financial damages.
In addition to the monetary losses, the DoJ also mentions that sensitive data, including U.S. military tech regulated under ITAR, was accessed and exfiltrated by the North Koreans.
The law enforcement operation, part of the broader “DPRK RevGen: Domestic Enabler Initiative,” ran from October 2024 until June 2025.
It resulted in multiple searchers at 29 suspected “laptop farms” across 16 states. The authorities also seized 29 financial accounts, 21 fake websites supporting the IT workers, and two hundred computers they used in their work.
In addition to the Wangs acting as U.S.-based facilitators, the following individuals have been indicted for their involvement in IT worker schemes:
- Jing Bin Huang (Chinese national)
- Baoyu Zhou (Chinese national)
- Tong Yuze (Chinese national)
- Yongzhe Xu Chinese national)
- Ziyou Yuan (Chinese national)
- Zhenbang Zhou (Chinese national)
- Mengting Liu (Taiwanese national)
- Enchia Liu (Taiwanese national)
Authorities also identified four North Korean nationals - Kim Kwang Jin, Kang Tae Bok, Jong Pong Ju (aka ‘Bryan Cho’) and Chang Nam Il (aka ‘Peter Xiao’), who were charged with wire fraud and money laundering for working remotely at U.S. companies under false identities.
Kim Kwang Jin is highlighted as a central figure, who worked at an Atlanta-based blockchain research and development firm since December 2020.
In March 2022, he took advantage of his position to modify the source code in two of his employer’s smart contracts, enabling the theft of cryptocurrency worth approximately $740,000 at the time, subsequently laundered through mixers like Tornado Cash.
These four North Koreans remain at large, and the ‘Rewards for Justice’ program has announced $5,000,0000 in rewards for credible information about their current location.
Free online web security scanner
