US news

North Korean workers are taking remote jobs in the US. The company set a trap to reveal one.

Photo of admin admin Send an email 9 hours ago
0 1 5 minutes read
North Korean workers are taking remote jobs in the US. The company set a trap to reveal one.

FBI officials say mobile farms are a key way North Korean IT groups trick American companies into believing remote workers are in the US — providing both a physical shipping address for laptops and a US Internet connection. Once equipped with some remote access software and tools, employees can access those laptops remotely.

So far, at least 10 suspected US-based promoters have been charged with federal charges, including one member of the US Army, for their alleged role in holding mobile farms, paying illegal proceeds and moving funds through shell companies. At least six other suspected US facilitators have been identified in court documents but have not been named.

In another incident, a US citizen, Kejia “Tony” Wang, traveled to China in 2023 to meet with associates and IT workers in Shenyang and Dandong, according to court documents. Laptops from more than 100 US companies, including a California-based contractor, were sent to Wang, who in turn set up shell companies to subsidize wages earned overseas. Wang pleaded guilty to wire fraud, money laundering and identity theft charges and is awaiting sentencing next month.

“We believe there are many hundreds of people involved in these schemes,” said Rozhavsky, the FBI’s assistant director. “They won’t pull this off if they don’t have willing lobbyists in the US to help them.”

Once the illegal currency is found, it needs to be consolidated and converted into government-issued currency. North Korean gangs often rely on China’s network of networks to clean them up, according to industry reports.

“Every bad guy you can think of is using Chinese money launderers. Now, this is how money moves internationally,” said Nick Carlsen, senior investigator of the global investigative team at blockchain analytics firm TRM Labs and a former FBI intelligence analyst with a focus on North Korea.

Since Kim Jong Un took power in 2011, North Korea has honed and expanded its portfolio of cybercrime operations beyond IT work — pulling in billions in cryptocurrency theft including a record $1.5 billion heist last year, according to the FBI. Analysts say the jobs have made Kim richer and more politically relevant than ever before, confirming his long-held view of computers as an “all-purpose sword.”

In recent years, North Korea’s cooperation with Chinese currency trading networks has opened up a new level of speed and efficiency that North Korean operators could not achieve independently.

“The thing that’s changing is the presence of these very liquid Chinese financial systems,” Carlsen said. “They can absorb a lot of money, convert it and transfer it to whatever local currency you want. This is a big change.”

North Korean IT staff at an undisclosed location.Department of Justice

Many of these brokers operate across southern China and Southeast Asia including Myanmar, Hong Kong, Macao and China’s Fujian province – fast-moving cryptocurrency crosses blockchains using so-called “aggregators” who break stolen funds into smaller pieces to hide their origin. IT workers’ takeovers are typically small and involve few intermediaries, said Andrew Fierman, head of national security intelligence at blockchain tracking firm Chainalysis, while large-scale crypto heists require complex, multi-layered chains.

Carlsen noted that funds from both IT worker schemes and crypto heists often end up with Chinese buyers tied to organized crime syndicates. “You see that there are a lot of scams for slaughtering pigs and companies that sell drugs,” he said. “These are the same networks that take this money.” Cryptocurrencies have made that convergence easier. “It’s a lubricant,” he added. “It’s the oil that allows all these gears to connect.”

The US government has taken some steps to deal with North Korea’s IT workforce, but experts warn the threat is only getting worse as the workforce’s use of AI continues to grow around the world.

Cybersecurity analysts say US law enforcement tools are struggling to keep up with the scale and complexity of Pyongyang’s cooperation. Many of the people involved operate from countries that do not have extradition treaties with the US, making them beyond the reach of US law enforcement.

“It’s a whack-a-mole game. It’s almost impossible to completely disrupt this,” Carlsen said. “It’s just a never-ending process.”

He says the most effective strategy is to make programs less profitable by cutting off the state’s ability to extract money from money laundering organizations.

The US government has stepped up efforts to do so. On Thursday, the Ministry of Finance fined six individuals and two organizations for their role in IT worker schemes organized by the DPRK government, including promoters based in North Korea, Vietnam, Laos and Spain.

Last fall, federal authorities announced a wave of criminal charges, asset forfeitures, sanctions and asset freezes targeting North Korea’s illegal internet activity.

In October, the Treasury Department separated Cambodia’s Huione Group, a financial guarantee network, from the US financial system, alleging that it had stolen billions in illegal profits, including at least $37 million in cryptocurrency linked to North Korean operations. Weeks later, eight individuals and two organizations, including North Korean banks and institutions, were fined for the proceeds of cybercrime and IT personnel fraud schemes.

North Korea has denied any wrongdoing.

North Korean leader Kim Jong Un participates in a photo session with soldiers involved in the construction of a thermal storage farm in North Pyongan Province on Feb. 1, 2026.
North Korean leader Kim Jong Un participates in a photo session with soldiers in North Pyongan province on February 1.Korean Central News Agency via Getty Image

Last year, following the Justice Department’s indictment of some North Koreans for their alleged roles in the program, the country’s foreign minister criticized the US’s actions as a “senseless smear campaign” targeting a “non-existent “cyber” threat from the DPRK,” the Korean Central News Agency reported.

Responding to questions about the involvement of Chinese people in this process, the spokesperson of the Chinese Embassy Liu Pengyu said, “We oppose false accusations and accusations that have no truth at all.”

The program itself is also becoming more difficult. North Korean IT teams now work under engineers from Pakistan, Nigeria and India, expanding into areas such as customer service, financial processing, insurance and translation services – roles that are less explored than software development.

“Unless you have foreign intelligence, you might not know they’re North Korean,” said Michael Barnhart, head of national threat intelligence at DTEX. “They’re trying to get into middle management, and it’s working.”

That increase also means concern that North Korean workers could wreak havoc in the real world by putting lives at risk, something Barnhart has seen up close.

In 2021, as part of an attack on NASA and military bases, a team of North Korean hackers infects the computer systems of a Kansas hospital with ransomware, disables servers and demands nearly $100,000 in bitcoin for their work. The hospital paid. Barnhart helped investigate the hack alongside the FBI, and it was that case that brought to light the ways in which North Korean attack groups sometimes cooperated with IT groups to support their operations, something that was not widely known at the time.

What they saw was hacking doing IT work, including putting other IT staff out of work. The revenue from those operations supported the primary operations of the malware hacking unit to launch computer attacks against the US, South Korean and Chinese governments or technology victims.

“It started as a revenue generator, but the lines are blurring and blurring. When the time comes, they have chess pieces inside organizations around the world – and they will start acting internally,” he said.

Rozhavsky expressed similar concerns.

“Even if the company fires them, we don’t know what departments they might have left to be accessible in the future,” he said. “So it’s a critical time bomb that could have serious consequences on the ground.”

Lawmakers also want stronger defenses. Sens. Gary Peters, D-Mich., and Mike Rounds, RS.D., introduced the Protecting America from Cyber ​​​​Threats Act, which would renew key cybersecurity authorities for another decade and encourage private companies, such as Nisos, to share information about cyberthreats with the federal government.

However, thousands of workers, the driving force behind IT systems, are not available, most of them based in China.

“These are the smartest people in North Korea. That’s kind of a tragedy,” Carlsen said. “They took everything they could and the most prominent of them became criminals.”

Photo of admin admin Send an email 9 hours ago
0 1 5 minutes read
Photo of admin

admin

Related Articles

Ukraine’s anti-drone tech is in high demand as Iran attacks its neighbors

Ukraine’s anti-drone tech is in high demand as Iran attacks its neighbors

9 hours ago
Asia is already making big changes as oil prices rise

Asia is already making big changes as oil prices rise

11 hours ago
Trump says Iran is ready to negotiate an end to the war but is not ready to make a deal

Trump says Iran is ready to negotiate an end to the war but is not ready to make a deal

22 hours ago
How two teenagers from affluent Pennsylvania became suspects in an attempted ‘ISIS-inspired’ attack on New York City.

How two teenagers from affluent Pennsylvania became suspects in an attempted ‘ISIS-inspired’ attack on New York City.

1 day ago

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button