{"id":5009,"date":"2025-07-01T10:04:27","date_gmt":"2025-07-01T10:04:27","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2025\/07\/01\/u-s-doj-announces-nationwide-actions-to-combat-north-korean-remote-it-workers\/"},"modified":"2025-07-01T10:04:27","modified_gmt":"2025-07-01T10:04:27","slug":"u-s-doj-announces-nationwide-actions-to-combat-north-korean-remote-it-workers","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2025\/07\/01\/u-s-doj-announces-nationwide-actions-to-combat-north-korean-remote-it-workers\/","title":{"rendered":"U.S DOJ Announces Nationwide Actions to Combat North Korean Remote IT Workers"},"content":{"rendered":"<p>    U.S DOJ Announces Nationwide Actions to Combat North Korean Remote IT Workers<br \/>\n \t<BR><br \/>\n<BR><\/BR><br \/>\n    <!-- no image --><br \/>\n \t<BR><br \/>\n<BR><\/BR><\/p>\n<div>\n<p>The U.S. Department of Justice announced coordinated nationwide law enforcement actions on June 30, 2025, targeting North Korean remote information technology workers\u2019 illicit revenue generation schemes that have defrauded American companies and funded the DPRK\u2019s weapons programs.<\/p>\n<pre class=\"wp-block-preformatted\"><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-vivid-cyan-blue-color\"><strong>Summary<\/strong><br><\/mark>1. The U.S. DoJ conducted coordinated enforcement across 16 states on June 30, 2025, targeting North Korean remote IT workers funding DPRK weapons programs.<br>2. Operation resulted in 29 financial account seizures, 21 website takedowns, 200 computer seizures, and searches at 29 \"laptop farms.\"<br>3. North Korean operatives infiltrated 100+ U.S. companies, generating $5+ million illicitly while causing $3+ million in damages.<br>4. Schemes involved stealing classified defense data under ITAR regulations and $900,000+ in cryptocurrency theft from blockchain companies.<\/pre>\n<p>The comprehensive enforcement action spanned 16 states, resulting in two federal indictments, one arrest, and the seizure of 29 financial accounts containing tens of thousands of dollars, 21 fraudulent websites, and approximately 200 computers.\u00a0<\/p>\n<p>Federal agents executed searches at 29 known or suspected \u201claptop farms\u201d where North Korean IT workers remotely accessed U.S. company-provided equipment using KVM (Keyboard-Video-Mouse) switches and other remote access devices.<\/p>\n<figure class=\"wp-block-embed is-type-rich is-provider-twitter wp-block-embed-twitter\">\n<div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Today, the FBI and <a href=\"https:\/\/twitter.com\/TheJusticeDept?ref_src=twsrc%5Etfw\">@TheJusticeDept<\/a> announced nationwide actions to disrupt North Korean schemes to defraud American companies through remote IT work, which included the arrest of a U.S. national who allegedly hosted a laptop farm for North Korean actors <a href=\"https:\/\/t.co\/3IC28oaMFa\">https:\/\/t.co\/3IC28oaMFa<\/a> <a href=\"https:\/\/t.co\/rsx0EPO0nu\">pic.twitter.com\/rsx0EPO0nu<\/a><\/p>\n<p>\u2014 FBI (@FBI) <a href=\"https:\/\/twitter.com\/FBI\/status\/1939776407384596957?ref_src=twsrc%5Etfw\">June 30, 2025<\/a>\n<\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script>\n<\/div>\n<\/figure>\n<h2 class=\"wp-block-heading\"><strong>Massive North Korean IT Worker Scheme<\/strong><\/h2>\n<p>According to court documents, the schemes involved North Korean individuals fraudulently obtaining employment with more than 100 <a href=\"https:\/\/cybersecuritynews.com\/hacktivist-groups-attacking-u-s-companies-military-domains\/\" target=\"_blank\" rel=\"noreferrer noopener\">U.S. companies<\/a> using stolen and fake identities, with assistance from accomplices in the United States, China, the United Arab Emirates, and Taiwan.\u00a0<\/p>\n<p>The operation successfully infiltrated numerous Fortune 500 companies, generating over $5 million in illicit revenue while causing victim companies at least $3 million in damages, including legal fees and network remediation costs.<\/p>\n<p>The North Korean operatives demonstrated advanced technical capabilities, gaining access to sensitive employer data, including ITAR (International Traffic in Arms Regulations) controlled information from a California-based defense contractor developing AI-powered military technologies.<\/p>\n<p>Between January and April 2024, overseas conspirators remotely accessed the defense contractor\u2019s systems without authorization, stealing classified technical data marked under ITAR export control regulations.<\/p>\n<p>In a separate blockchain-focused scheme, four North Korean nationals working from the United Arab Emirates used fraudulent identities to infiltrate an Atlanta-based blockchain research and development company.\u00a0<\/p>\n<p>The defendants, Kim Kwang Jin, Jong Pong Ju, Chang Nam Il, and Kang Tae Bok, stole virtual currency worth over $900,000 by modifying smart contract source code and laundering the proceeds through Tornado Cash, a <a href=\"https:\/\/cybersecuritynews.com\/north-korean-hackers-stole-600-million\/\" target=\"_blank\" rel=\"noreferrer noopener\">cryptocurrency mixer<\/a> service.<\/p>\n<h2 class=\"wp-block-heading\"><strong>\u00a0$5M Reward for Info on North Korea\u2019s Illicit Actions<\/strong><\/h2>\n<p>These actions represent the latest phase of the Justice Department\u2019s DPRK RevGen: Domestic Enabler Initiative, a joint effort between the National Security Division and the FBI\u2019s Cyber and Counterintelligence Divisions specifically targeting North Korean revenue generation schemes.\u00a0<\/p>\n<p>The initiative has previously resulted in civil forfeiture actions, including a June 2025 complaint for over $7.74 million tied to illegal employment schemes.<\/p>\n<p>Assistant Director Brett Leatherman of the FBI\u2019s Cyber Division emphasized the persistent threat, stating that North Korean IT workers can individually earn up to $300,000 annually, collectively generating hundreds of millions of dollars for designated entities, including the North Korean Ministry of Defense.\u00a0<\/p>\n<p>The Department of State has <a href=\"https:\/\/www.justice.gov\/opa\/pr\/justice-department-announces-coordinated-nationwide-actions-combat-north-korean-remote\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">offered<\/a> rewards up to $5 million for information supporting efforts to disrupt DPRK\u2019s illicit financial activities, including cybercrimes and sanctions evasion.<\/p>\n<p class=\"has-text-align-center has-background\" style=\"background:linear-gradient(180deg,rgb(238,238,238) 92%,rgb(169,184,195) 100%)\">Investigate live malware behavior, trace every step of an attack, and make faster, smarter security decisions -&gt; <a href=\"https:\/\/any.run\/demo?utm_source=csn&amp;utm_medium=article&amp;utm_campaign=braodo_stealer&amp;utm_content=demo_1&amp;utm_term=250625\" target=\"_blank\" rel=\"noreferrer noopener nofollow\"><strong>Try ANY.RUN now<\/strong><\/a>\u00a0<\/p>\n<p>The post <a href=\"https:\/\/cybersecuritynews.com\/u-s-doj-announces-nationwide-actions\/\">U.S DOJ Announces Nationwide Actions to Combat North Korean Remote IT Workers<\/a> appeared first on <a href=\"https:\/\/cybersecuritynews.com\/\">Cyber Security News<\/a>.<\/p>\n<\/div>\n<p> \t<BR><br \/>\n <BR><\/BR><br \/>\n    Kaaviya<br \/>\n \t<BR><br \/>\n<BR><\/BR><br \/>\n<a href=\"https:\/\/cybersecuritynews.com\/u-s-doj-announces-nationwide-actions\/\">Go to cyber-security-news<\/a><br \/>\n \t<BR><br \/>\n <BR><\/BR><\/p>\n","protected":false},"excerpt":{"rendered":"<p>U.S DOJ Announces Nationwide Actions to Combat North Korean Remote IT Workers The U.S. Department of Justice announced coordinated nationwide law enforcement actions on June 30, 2025, targeting North Korean remote information technology workers\u2019 illicit revenue generation schemes that have defrauded American companies and funded the DPRK\u2019s weapons programs. Summary1. The U.S. DoJ conducted coordinated [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[129,63],"tags":[130],"class_list":["post-5009","post","type-post","status-publish","format-standard","hentry","category-cyber-security","category-cyber-security-news","tag-cyber-security-news"],"_links":{"self":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/5009"}],"collection":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/comments?post=5009"}],"version-history":[{"count":0,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/5009\/revisions"}],"wp:attachment":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/media?parent=5009"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/categories?post=5009"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/tags?post=5009"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}