The U.S. Department of Justice (DOJ) has recently brought to light an elaborate operation by North Korean hackers who infiltrated more than 100 American companies, including several Fortune 500 firms, by securing remote IT employment and accessing company resources. This revelation has sparked a vehement response from North Korean officials, who have dismissed the DOJ's accusations as an "absurd smear campaign" against the Democratic People’s Republic of Korea (DPRK).
The DOJ's announcement earlier this week detailed a complex network of North Korean hackers assisted by accomplices in the United States, China, the United Arab Emirates, and Taiwan. Once hired, the operatives received company laptops, which North Korean IT personnel then accessed remotely. In one instance, hackers used false identities to gain employment at an Atlanta-based blockchain research and development company, subsequently stealing over $900,000 in virtual currency.
As part of the investigation, a five-count indictment was unsealed against Zhenxing Wang, a U.S. citizen residing in New Jersey, who has since been arrested. Wang, along with his collaborators, is alleged to have secured remote IT jobs, generating over $5 million in illicit revenue. The indictment also names several other accused individuals, including Chinese nationals Jing Bin Huang, Baoyu Zhou, Tong Yuze, Yongzhe Xu, Ziyou Yuan, and Zhenbang Zhou, as well as Taiwanese nationals Mengting Liu and Enchia Liu. Another U.S. national, Kejia “Tony” Wang, faces separate charges.
North Korea's state news agency, KCNA, reported a DPRK Foreign Ministry spokesperson's criticism of the U.S. judicial system’s actions against North Korean citizens accused of cybercrimes. The spokesperson described the DOJ's case as a violation of North Korean sovereignty and alleged that the U.S. government has consistently fabricated claims of a "non-existent cyber threat" from the DPRK. They further stated that the U.S. provocation threatens the rights and security of DPRK citizens, accusing the U.S. of creating instability in international cyberspace.
The DOJ's indictment covers activities from 2021 through most of 2024, alleging that the defendants and others compromised the identities of over 80 U.S. residents to secure remote employment at more than 100 companies. The victims suffered damages including legal fees and network remediation costs estimated at $3 million. The conspirators, including Kejia and Zhenxing Wang, are accused of setting up shell companies with websites and financial accounts to make the operation appear legitimate, then funneling payments from U.S. companies to overseas co-conspirators.
One of the targeted companies was a defense contractor involved in artificial intelligence technology, raising concerns over potential access to sensitive information regulated under the International Traffic in Arms Regulations (ITAR).
The DOJ also reported the seizure of 17 websites and the freezing of 29 financial accounts linked to money laundering for the DPRK regime. Additionally, a separate five-count indictment was announced against four North Korean nationals (Kim Kwang Jin, Kang Tae Bok, Jong Pong Ju, and Chang Nam Il) for wire fraud and money laundering related to the theft of virtual currency.
All four North Korean suspects remain at large and are wanted by the FBI. The DOJ continues to investigate the scope of the infiltration and its impact on U.S. companies and national security.