North Korea’s IT Ghosts: Nine Indicted in $5M Scheme

BOSTON – Nine individuals are facing federal charges in a brazen scheme to generate millions of dollars for the Democratic People’s Republic of Korea (DPRK), and its weapons of mass destruction (WMD) programs. The operation allegedly involved dispatching skilled IT workers who posed as legitimate U.S. residents – using stolen identities – to secure remote IT jobs with American companies, including some of the nation’s largest corporations and a key defense contractor. The scheme has reportedly funneled at least $5 million to North Korea.

The indictment names U.S. national Zhenxing “Danny” Wang of New Jersey, alongside eight overseas actors: Chinese nationals Jing Bin Huang (靖斌 黄), Baoyu Zhou (周宝玉), Tong Yuze (佟雨泽), Yongzhe Xu (徐勇哲 andيونجزهي أكسو), Ziyou Yuan (زيو), Zhenbang Zhou (周震邦), and Taiwanese nationals Mengting Liu (劉 孟婷) and Enchia Liu (刘恩). Zhenxing Wang was arrested in New Jersey earlier today and will appear in federal court in Boston at a later date. A separate charging document also accuses Kejia “Tony” Wang of New Jersey, who has agreed to plead guilty for his involvement.

Federal prosecutors allege the DPRK government, in response to international sanctions, has been systematically deploying these IT workers globally. These operatives are accused of not only stealing American identities but also constructing a complex web of fraudulent online accounts – emails, social media profiles, payment platforms – and utilizing proxy computers to mask their origins. The operation wasn’t just about money; court documents reveal the IT workers gained access to sensitive data and source code from their employers, including critical information from a California-based defense contractor.

“The threat posed by DPRK operatives is both real and immediate,” stated United States Attorney Leah B. Foley. “Thousands of North Korean cyber operatives have been trained and deployed by the regime to blend into the global digital workforce and systematically target U.S. companies. We will continue to work relentlessly to protect U.S. businesses and ensure they are not inadvertently fueling the DPRK’s unlawful and dangerous ambitions.” The Justice Department is framing this as a direct national security threat, highlighting the regime’s willingness to exploit the global workforce for illicit gains.

Assistant Attorney General John A. Eisenberg of the Department’s National Security Division emphasized the scale of the problem. “These schemes target and steal from U.S. companies and are designed to evade sanctions and fund the North Korean regime’s illicit programs, including its weapons programs,” he said. “The Justice Department, along with our law enforcement, private sector, and international partners, will persistently pursue and dismantle these cyber-enabled revenue generation networks.” The FBI is warning companies to thoroughly vet remote workers and closely monitor data security.

The FBI is now issuing a stark warning: this is just the tip of the iceberg. While this specific group has been disrupted, the agency believes North Korea has deployed thousands of similar IT workers worldwide, actively targeting U.S. companies daily. Businesses are urged to strengthen their remote hiring processes and report any suspicious activity. The investigation remains ongoing, with authorities promising further action to dismantle North Korea’s cyber-enabled revenue streams. This case underscores the growing threat of state-sponsored cybercrime and the lengths to which rogue nations will go to circumvent international sanctions.