07/01/2025

Identities of More than 80 Americans Stolen for North Korean IT Worker Scams

The U.S. DOJ recently revealed the identity theft

For years, the North Korean government has found a burgeoning source of sanctions-evading revenue by tasking its citizens with secretly applying for remote tech jobs in the West. A newly revealed takedown operation by American law enforcement makes clear just how much of the infrastructure used to pull off those schemes has been based in the United States—and just how many Americans' identities were stolen by the North Korean impersonators to carry them out.

On Monday, the Department of Justice (DOJ) announced a sweeping operation to crack down on US-based elements of the North Korean remote IT workers scheme, including indictments against two Americans who the government says were involved in the operations—one of whom the FBI has arrested. Authorities also searched 29 "laptop farms" across 16 states allegedly used to receive and host the PCs the North Korean workers remotely access and seized around 200 of those computers as well as 21 web domains and 29 financial accounts that had received the revenue the operation generated. The DOJ’s announcement and indictments also reveal how the North Koreans didn’t merely create fake IDs to insinuate themselves into Western tech firms, according to authorities, but allegedly stole the identities of “more than 80 US persons” to impersonate them in jobs at more than a hundred U.S. companies and funnel money to the Kim regime.

"It's huge," said Michael Barnhart, an investigator focused on North Korean hacking and espionage at DTEX, a security firm focused on insider threats. "Whenever you have a laptop farm like this, that's the soft underbelly of these operations. Shutting them down across so many states, that's massive."

Please select this link to read the complete article from WIRED.