American Charged in Scheme to Employ IT Workers for North Korea

The U.S. Department of Justice (DOJ) announced sweeping criminal charges and asset seizures on Monday as part of a nationwide crackdown on an alleged years-long North Korean scheme to fund its weapons program through fraudulently obtained remote information technology (IT) jobs with U.S. companies.

Two major cases were brought in federal courts in Georgia and Massachusetts, the FBI and DOJ said, involving North Korean IT workers using stolen or fake U.S. identities to secure employment, funneling millions of dollars to the North Korean government, according to a DOJ release.

Why It Matters

This coordinated DOJ and FBI operation addresses an ongoing national security and economic threat, as North Korea's use of remote IT workers enables it to generate substantial offshore funding to evade international sanctions and bolster the regime.

Officials warned that the scheme didn't just harm U.S. companies but also put sensitive and proprietary information—including potentially military technology—at risk.

What To Know

The federal indictments alleged that thousands of North Korean government-dispatched IT specialists posed as U.S. or third-country nationals to obtain remote work assignments with U.S. businesses between 2021 and 2024.

U.S. officials said the workers frequently used fake or stolen identities to gain access, with some companies believing they were hiring employees in the United States when, in fact, many workers operated from North Korea or China.

Prosecutors described how the fraudulent salaries were routed through U.S.-based financial intermediaries and accomplices, eventually landing in accounts controlled by North Korean agents and, ultimately, the North Korean regime.

Federal prosecutors filed two sets of charges: one in Massachusetts against an American citizen along with Chinese and Taiwanese co-conspirators, and one in Georgia targeting four North Korean nationals.

In the Massachusetts case, the group allegedly established shell corporations and fake websites to facilitate the fraud, generating at least $5 million and impacting more than 100 companies.

The Georgia indictment charged four North Korean nationals with using stolen identities to gain employment at a blockchain research and development company in Atlanta, illegally obtaining hundreds of thousands of dollars in cryptocurrency.

"North Korean IT workers defraud American companies and steal the identities of private citizens, all in support of the North Korean regime," Assistant Director Brett Leatherman of FBI's Cyber Division said in the press release. "That is why the FBI and our partners continue to work together to disrupt infrastructure, seize revenue, indict overseas IT workers, and arrest their enablers in the United States. Let the actions announced today serve as a warning: if you host laptop farms for the benefit of North Korean actors, law enforcement will be waiting for you."

The DOJ withheld the names of affected companies but acknowledged that some fraudulent workers had potential access to sensitive military technology data.

Financial accounts, websites and laptops used in the commission of the scheme were seized by the DOJ as part of a coordinated, multi-state effort involving enforcement actions in at least 19 jurisdictions.

What People Are Saying

Leah B. Foley, U.S. attorney for the District of Massachusetts, in the DOJ press release: "The threat posed by DPRK operatives is both real and immediate. Thousands of North Korean cyber operatives have been trained and deployed by the regime to blend into the global digital workforce and systematically target U.S. companies. We will continue to work relentlessly to protect U.S. businesses and ensure they are not inadvertently fueling the DPRK's unlawful and dangerous ambitions."

John A. Eisenberg, assistant attorney general of the DOJ's National Security Division, in the press release: "These schemes target and steal from U.S. companies and are designed to evade sanctions and fund the North Korean regime's illicit programs, including its weapons programs. The Justice Department, along with our law enforcement, private sector, and international partners, will persistently pursue and dismantle these cyber-enabled revenue generation networks."

What Happens Next

The DOJ is expected to continue its crackdown on North Korean-backed cybercrime and fraud against U.S. businesses, prioritizing disruption and prosecution of state-sponsored schemes.

Ongoing intelligence and law enforcement efforts may target additional perpetrators, assets, and intermediaries as federal authorities intensify scrutiny of remote IT employment practices in sensitive industries.

Update 6/30/25, 5 p.m. ET: This story was updated to include more information.

Related Articles

• Lara Trump Teases Potential Senate Run in 2026
• Mitch McConnell Warns of 'Big Setback' For Republicans
• George W. Bush Joins Obama in Rebuke of Trump

Start your unlimited The News Pulsetrial