Redazione RHC : 2 July 2025 12:14
The US Department of Justice has announced the discovery of a large-scale scheme in which fake IT specialists from the DPRK obtained jobs at American companies by posing as citizens of other countries. We at Red Hot Cyber have been reporting for some time that many companies were hiring North Korean employees, who were also interviewing for jobs through deepfake systems.
North Korean programmers have reportedly obtained jobs at over 100 US companies using fake or stolen identities. In addition to the salary, they stole classified information and transferred it to Pyongyang’s servers. They were also interested in cryptocurrencies: in one case, a North Korean agent stole $740,000 from his American employer.
It is important to note that this time the attackers did not use deepfakes, although such methods are becoming increasingly popular. Cyberattacks remain an important source of funding for North Korea, despite international sanctions. As early as 2022, the FBI warned that DPRK authorities were officially arranging for their programmers to work remotely abroad.
According to court documents, one of the operations began in January 2021. Zhenxing “Danny” Wang, who had created a fictitious company called Independent Lab, supposedly engaged in software development, was arrested in the United States. Through this company, he transferred $5 million to the DPRK, and American companies suffered losses of $3 million, including system restoration and legal fees.
Another defendant, Kejia “Tony” Wang, organized two front companies and so-called “laptop farms.” The companies shipped computers to their “employees,” but the devices remained in the United States and were controlled by North Korea, allowing them to hide the workers’ true locations. As a result, American participants in the scheme earned at least $696,000.
Some of the employees involved were fired after inspections. Another operation was also discovered: four North Korean citizens worked as IT specialists under false names in the United Arab Emirates, the United States, and Serbia, stealing cryptocurrencies and laundering them through Tornado Cash.
From June 10 to June 17, US authorities seized 137 laptops from suspicious “farms” in several states. A reward of up to $5 million is available for information on such activities.