Indictment Unveils Scheme Linking North Korean IT Workers to U.S. Companies

A federal indictment has revealed a far-reaching scheme involving North Korean IT workers, U.S. facilitators, and Chinese nationals. The defendants allegedly helped remote North Korean IT workers obtain jobs at over 100 U.S. companies, including many Fortune 500 firms, by compromising the identities of more than 80 Americans. This fraud resulted in at least $3 million in losses for the affected companies, covering legal fees, network remediation, and other damages.
The indictment highlights that while some IT workers operated within North Korea, many were based in Chinese cities near the North Korean border, such as Dandong and Shenyang. Among the defendants is U.S. national Zhenxing “Danny” Wang, arrested in New Jersey, along with six Chinese nationals and two Taiwanese nationals.
Prosecutors allege that Wang and others facilitated unauthorized access to company-issued laptops, created financial accounts, and established U.S.-based shell companies to legitimize the workers. In return, the group received over $696,000 in fees.
The scheme also involved the theft of sensitive data, including source code, from employers. A California-based defense contractor was among the victims, with stolen documents containing U.S. military technology regulated under the International Traffic in Arms Regulations.
FBI Assistant Director Brett Leatherman warned that those aiding North Korean actors in such schemes will face legal consequences. The indictment underscores the growing threat of cyber espionage and identity theft linked to North Korea.

Published: 7/1/2025