The Justice Department announced criminal charges Monday in a scheme by North Korea to fund its weapons program through the salaries of remote information technology workers employed unwittingly by U.S. companies.
The charges arose from what law enforcement officials described as a nationwide operation that also resulted in the seizure of financial accounts, websites and laptops that were used to carry out the fraud.
Separate cases in Georgia and Massachusetts represent the latest Justice Department effort to confront a persistent threat that officials say generates enormous revenue for the North Korean government and in some cases affords workers access to sensitive and proprietary data from the American corporations that hire them.
The scheme involved thousands of workers who, armed with stolen or fake identities, were dispatched by the North Korean government to find work as remote IT employees at American companies, including Fortune 500 corporations. The companies were duped into believing that the workers they hired were based in the U.S. when many were actually stationed in North Korea or China, and the wages the victimized companies paid were transferred into accounts controlled by co-conspirators affiliated with North Korea, prosecutors say.
U.S. District Court District of Massachusetts 
On Monday, U.S. prosecutors announced the arrest of U.S. national Zhenxing “Danny” Wang of New Jersey. A five-count indictment describes a “multi-year fraud scheme by Wang and his co-conspirators to obtain remote IT work with U.S. companies that generated more than $5 million in revenue,” the Justice Department said.
The indictment also charges six Chinese nationals and two Taiwanese nationals for their roles in the scheme.Â
“These schemes target and steal from U.S. companies and are designed to evade sanctions and fund the North Korean regime’s illicit programs, including its weapons programs,” Assistant Attorney General John Eisenberg, the head of the Justice Department’s National Security Division, said in a statement.
In one case exposed on Monday in federal court in Massachusetts, the Justice Department said it had arrested one U.S. national and charged more than a half dozen Chinese and Taiwanese citizens for their alleged roles in an elaborate fraud that prosecutors say produced several million dollars in revenue and affected scores of companies.
The conspiracy, court papers say, involved the registration of financial accounts to receive the proceeds and the creation of shell companies and fake websites to make it look like the remote workers were associated with legitimate businesses. Enablers inside the United States facilitated the workers’ remote computer access, tricking companies into believing the workers were logging in from U.S. locations.
The Justice Department did not identify the companies that were duped, but said that some of the fraudulent workers were able to gain access to and steal information related to sensitive military technology.
The case filed in Georgia charges four North Korean IT workers with stealing virtual currency worth hundreds of thousands of dollars from their employers. The defendants remain at large.
The Justice Department has filed similar prosecutions in recent years, as well as created an initiative aimed at disrupting the threat.
The Justice Department has charged other people living in the U.S. with similar conduct tied to the North Korean government.
Last December, a Chinese national living in California was charged after he allegedly bought and exported guns and ammunition to North Korea at the direction of North Korean agents who funneled him $2 million to buy the equipment.
In May 2024, federal prosecutors accused an Arizona woman of carrying out a scheme to help North Korean IT workers illegally obtain remote employment with American companies. The group allegedly used the identities of more than 60 individuals who lived in the U.S. to generate nearly $7 million for the North Korean government from more than 300 U.S. companies.Â
