In a sweeping indictment unsealed in Boston, federal prosecutors have charged nine individuals in connection with a covert scheme to funnel money into North Korea’s weapons of mass destruction (WMD) programs. At the heart of the plot: remote IT workers, planted within U.S. companies, who posed as American citizens using stolen identities. The group allegedly generated over $5 million in revenue for the North Korean regime.

Among the accused is Zhenxing “Danny” Wang, a U.S. national from New Jersey, who was arrested and will face charges in federal court in Boston. The other defendants include eight foreign nationals from China and Taiwan, two of whom were living in the United Arab Emirates. Together, they’re accused of helping North Korea bypass sanctions by embedding operatives into some of the most high-profile American companies — including Fortune 500 firms and a defense contractor.

The indictment outlines a complex operation that began around 2021. According to investigators, the North Korean government dispatched thousands of highly trained IT workers around the world with one mission: infiltrate companies and quietly funnel their earnings and stolen data back to Pyongyang. These operatives used the stolen identities of more than 80 Americans to secure remote positions at over 100 U.S. companies. They gained unauthorized access to internal systems, source code, and even sensitive defense data protected under the International Traffic in Arms Regulations (ITAR).

The scheme relied heavily on digital deception. Operatives set up fake email addresses, pseudonymous accounts, bogus social media profiles, proxy computers, and phony business websites. They also created fraudulent U.S.-based shell companies with names like Hopana Tech LLC, Tony WKJ LLC, and Independent Lab LLC — all meant to convince employers that these workers were legitimate U.S.-based contractors.

Several U.S. citizens allegedly played key roles in enabling this operation. Kejia Wang, Zhenxing Wang, and others are accused of facilitating the fraud by receiving company-issued laptops at their homes and allowing remote access for the overseas operatives. These locations — dubbed “laptop farms” — helped maintain the illusion that the workers were physically located within the U.S. The facilitators also reportedly installed unauthorized software, used internet-connected KVM switches, and set up bank accounts and money transfer services to move stolen funds. In exchange, they collected nearly $700,000 in fees.

A major breakthrough came in October 2024 when federal agents conducted searches in New York, New Jersey, and California, recovering more than 70 laptops from U.S. companies. Authorities also seized 21 fraudulent websites and 29 financial accounts containing tens of thousands of dollars. These efforts helped expose the digital infrastructure used to sustain the fraud and launder its proceeds.

Meanwhile, a separate indictment in the Northern District of Georgia charged four North Korean nationals with infiltrating virtual currency companies. Unlike the IT workers who typically send earnings back to North Korea, these individuals allegedly embedded themselves in crypto firms and stole over $750,000 in digital assets. The money was then laundered overseas.

Officials from multiple federal agencies spoke out about the gravity of the threat. U.S. Attorney Leah B. Foley warned that the campaign by North Korean operatives is “real and immediate,” and noted that thousands of cyber agents have been trained to blend into the global digital workforce. Assistant Attorney General John Eisenberg emphasized that the scheme was designed not only to fund North Korea’s WMD ambitions but also to avoid international sanctions.

FBI Acting Special Agent Rafik Mattar issued a stark warning to businesses, urging them to carefully screen remote workers, monitor internal systems, and report suspicious activity. He noted that while this group has been disrupted, similar threats persist daily.

John Helsing of the Defense Criminal Investigative Service stressed that these indictments should serve as a clear deterrent to anyone attempting to export sensitive defense information illegally. Shawn Gibson of Homeland Security Investigations added that this case shows how U.S. agencies can effectively work together to dismantle international technology-based fraud networks.

The charges include conspiracy to commit wire and mail fraud, money laundering, identity theft, and violations of the International Emergency Economic Powers Act. If convicted, the defendants face up to 20 years in prison for the most serious counts. However, all individuals are presumed innocent unless and until proven guilty in a court of law.

The investigation, part of the Justice Department’s “DPRK: Domestic Enabler” initiative, represents a multi-year, multi-agency effort to combat North Korea’s illicit revenue operations and the Americans who help facilitate them. The Department of State is offering rewards of up to $5 million for information that helps disrupt these illegal financial activities.

This case sends a strong message: North Korea’s digital espionage is active, adaptive, and embedded deep within the U.S. workforce. And the federal government is determined to fight back.

IF YOU NEED A LAWYER CONTACT US