The US Department of Justice announced on the 30th that six Chinese nationals, two Taiwanese nationals, and one US citizen are suspected of helping IT personnel associated with North Korea to obtain remote work opportunities from over a hundred American companies, bringing in at least US$5 million (21.07 million MYR) in revenue to support North Korean weapons programs. These nine individuals have been indicted.
To curb North Korea's missile and nuclear weapons development, the United Nations has imposed sanctions on North Korea to cut off related sources of funding. The US Department of Justice quoted court documents as saying that the North Korean government sends out thousands of highly skilled IT professionals around the world, using stolen US identities to obtain remote IT positions with American companies, generating income for North Korea's weapons of mass destruction programs.
The Department of Justice indicated that in Boston, Massachusetts, Taiwanese nationals Liu Mengting and Liu En were among the nine indicted. Financial accounts, websites, and laptops allegedly used for fraud have also been seized.
The “victims” include companies listed among the Fortune 500, as well as a defense contractor based in California. These companies were misled into believing that the employees they hired were working inside the US, when in fact, most were located in North Korea or China, with salaries funneled into accounts linked to North Korea.
Matt Olsen, head of the DOJ's National Security Division, stated in a release that these schemes target funds from US companies, aiming to evade sanctions and finance North Korea's illegal activities, including weapons programs.
The defendants are accused of setting up financial accounts to receive the proceeds and creating fake websites for shell companies to give the impression that these employees belonged to legitimate businesses. They also received help from unidentified individuals within the US, enabling remote access to computer systems and tricking victimized companies into believing employees were logging in from within the US.
According to court documents, in October 2024, law enforcement conducted searches at seven locations in New York, New Jersey, and California. Interviews were conducted at so-called "laptop farms," places storing corporate laptops for such fraudulent schemes, resulting in the seizure of more than 70 devices belonging to victim companies.
Additionally, law enforcement agencies have seized 21 fraudulent websites used to assist North Korean IT operations and frozen 29 financial accounts containing tens of thousands of dollars, which were used to launder money for the North Korean regime through remote IT work.
On the 30th, Georgia also announced a similar lawsuit, accusing four North Korean nationals of using false identities to gain access to a blockchain development company based in Atlanta, stealing hundreds of thousands of dollars in virtual currency, and laundering the proceeds overseas.
The DOJ noted that the method in the Georgia case differs from traditional North Korean IT operatives, who typically seek jobs just to remit salaries back to North Korea. In this instance, defendants allegedly worked at virtual currency firms to gain trust and then steal digital assets.