The U.S. Department of Justice (DOJ) has accused North Korean officials of engaging in a “smear campaign” following the announcement of investigations into various schemes orchestrated by the Democratic People’s Republic of North Korea (DPRK) to fund its regime through illicit remote IT work for U.S. companies. Earlier this week, the DOJ reported that North Korean operatives, aided by individuals from the U.S., China, the United Arab Emirates, and Taiwan, were able to secure employment with over 100 American companies, including several Fortune 500 firms. These operatives allegedly acquired laptops from the companies, allowing North Korean IT workers to access them remotely. In another instance, they used fictitious identities to infiltrate a blockchain development company in Atlanta, Georgia, stealing more than $900,000 in virtual currency.
The DOJ’s announcement included the unsealing of a five-count indictment against Zhenxing Wang, a New Jersey resident who has since been arrested. Wang and his co-conspirators are accused of garnering over $5 million in revenue through these unauthorized IT roles. The indictment also lists several individuals from China and Taiwan, along with another U.S. national, Kejia “Tony” Wang, also implicated separately in the scheme. North Korean state news agency KCNA reported that a spokesperson from the DPRK’s Foreign Ministry criticizes the U.S. judicial actions against its citizens as unfounded cybercrime allegations aimed at tarnishing the country’s reputation.
The spokesperson for the DPRK denounced what they described as an “absurd smear campaign” and argued that the U.S. has long threatened DPRK cybersecurity, manipulating cyber issues for political gain. They emphasized that the accusations against North Korea are part of a broader scheme to undermine the image of the DPRK and infringe on its citizens’ rights. The statement from DPRK officials reflected strong discontent regarding the U.S. allegations, suggesting it is an attempt to create instability in international cyberspace rather than the actions of North Korea.
According to the indictment filed by the DOJ, from 2021 through most of 2024, over 80 Americans had their identities compromised to obtain remote jobs at a multitude of companies. Victim companies suffered resultant damages, including legal fees and losses that total at least $3 million. Kejia and Zhenxing Wang, along with several other U.S. facilitators, purportedly set up shell companies, making it seem like the overseas IT workers were legitimate U.S. businesses. Once established, these companies facilitated the laundering of money to co-conspirators abroad, receiving significant compensation for their services in return.
One notable aspect of the fraud scheme involved a defense contractor working on artificial intelligence technologies. The defendants reportedly accessed sensitive data that fell under International Traffic in Arms Regulations (ITAR), further complicating the implications of their actions. This breach heightens concerns not only about cybersecurity but also about national security, as sensitive information could potentially end up in the hands of adversarial nations.
Further complicating matters, the DOJ revealed additional indictments against four North Korean nationals for allegedly orchestrating a separate scheme to steal virtual currency valued at over $900,000 and to launder the proceeds. These accused individuals, identified as Kim Kwang Jin, Kang Tae Bok, Jong Pong Ju, and Change Nam II, are currently at large and considered fugitives by the FBI. The DOJ, along with the FBI and Defense Criminal Investigative Service (DCIS), has taken decisive steps, including seizing web domains and financial accounts linked to the fraudulent activities, aiming to disrupt these networks facilitating North Korea’s cyber-enabled strategies.
