Red Hot Cyber, The cybersecurity news

Red Hot Cyber

Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.
Select language
Spanish Italian
Search

North Korean Hackers on the Payroll: How Companies Paid Salaries to North Korean IT Specialists

Redazione RHC : 2 July 2025 12:14

The US Department of Justice has announced the discovery ofa large-scale scheme in which fake IT specialists from the DPRK obtained jobs at American companies by posing as citizens of other countries. In fact, we at Red Hot Cyber have been talking about it for some time now that many companies were hiring North Korean employees, who were also interviewing for jobs through deepfake systems.

North Korean programmers have reportedly obtained jobs at over 100 US companies using fake or stolen identities. In addition to the salary, they stole classified information and transferred it to Pyongyang’s servers. They were also interested in cryptocurrencies: in one case, a North Korean agent stole $740,000 from his American employer.

It is important to note that this time the attackers did not use deepfakes, although such methods are becoming increasingly popular. Cyberattacks remain an important source of funding for North Korea, despite international sanctions. As early as 2022, the FBI warned that DPRK authorities were officially arranging for their programmers to work remotely abroad.

According to court documents, one of the operations began in January 2021. Zhenxing “Danny” Wang, who had created a fictitious company called Independent Lab, supposedly engaged in software development, was arrested in the United States. Through this company, he transferred $5 million to the DPRK, and American companies suffered losses of $3 million, including system restoration and legal fees.

Another defendant, Kejia “Tony” Wang, organized two front companies and so-called “laptop farms.” The companies shipped computers to their “employees,” but the devices remained in the United States and were controlled by North Korea, allowing them to hide the workers’ true locations. As a result, American participants in the scheme earned at least $696,000.

Some of the employees involved were fired after inspections. Another operation was also discovered: four North Korean citizens worked as IT specialists under false names in the United Arab Emirates, the United States, and Serbia, stealing cryptocurrencies and laundering them through Tornado Cash.

From June 10 to June 17, US authorities seized 137 laptops from suspicious “farms” in several states. A reward of up to $5 million is available for information on such activities.

Redazione
The editorial team of Red Hot Cyber consists of a group of individuals and anonymous sources who actively collaborate to provide early information and news on cybersecurity and computing in general.

Lista degli articoli
Banner
Redhotcyber is an open-news project that was launched in 2019 and subsequently expanded into a network of individuals collaborating to disseminate information and topics focused on technology, Information Technology, and cybersecurity. Its goal is to increase risk awareness among an ever-growing number of people.

Editorial board : [email protected]

Facebook Linkedin Youtube Telegram Twitter Pinterest Tumblr