North Korean officials accused the U.S. Department of Justice (DOJ) of running ‘an absurd smear campaign’ after announcing that it had unraveled several schemes by the Democratic People’s Republic of North Korea (DPRK) to fund the regime through remote information technology work for U.S. companies.
Earlier this week, the DOJ said North Korean actors were helped by individuals in the U.S., China, the United Emirates and Taiwan to obtain employment with over 100 U.S. companies, including Fortune 500 companies.
The scheme allegedly involved the workers getting laptops from the companies that hired them and allowing remote North Korean IT workers to remotely access the computers. In another scheme, North Korean IT workers used false identities to gain employment with a blockchain research and development company in Atlanta, Georgia, and steal over $900,000 in virtual currency.
As part of its announcement about the North Korean scheme, the DOJ unsealed a five-count indictment against Zhenxing Wang, a U.S. national living in New Jersey, who has since been arrested.
Wang and his co-conspirators, the DOJ said, obtained remote IT work with U.S. companies and generated over $5 million in revenue.
Also charged in the indictment are Chinese nationals Jing Bin Huang, Baoyu Zhou, Tong Yuze, Yongzhe Xu, Ziyou Yuan and Zhenbang Zhou. Taiwanese nationals Mengting Liu and Enchia Liu were also charged in the indictment.
Also indicted was U.S. national Kejia ‘Tony’ Wang, also of New Jersey, who was charged separately.
North Korean news agency KCNA reported that a spokesperson for the DPRK Foreign Ministry lambasted the U.S. judicial system for its actions against DPRK citizens on the suspicion of a cybercrime.
‘The recent incident is an absurd smear campaign and grave violation of sovereignty aimed at tarnishing the image of our state as it is a continuation of the hostile move of the successive U.S. administrations that have talked much about the non-existent ‘cyber threat’ from the DPRK,’ the spokesperson reportedly said. ‘The Foreign Ministry of the DPRK expresses serious concern over the U.S. judicial authorities’ provocation which is threatening and encroaching on the security, rights and interests of our citizens by fabricating the groundless ‘cyber’ drama, and strongly denounces and rejects it.’
The spokesperson accused the U.S. of creating ‘international cyberspace instability,’ and not the DPRK.
‘The U.S. has long been posing a constant threat to the cybersecurity of the DPRK and other sovereign states by making cyber space a scene of battle and abusing the cyber issue as a political weapon to tarnish the image of other countries and impair the exercise of their legitimate rights,’ the spokesperson said.
‘The Democratic People’s Republic of Korea has the right to take a proper and proportionate countermeasure to thoroughly protect the security and rights of its citizens from the judicial enforcement for a sinister political purpose, and to call to strict legal account the outsiders who took malicious action,’ the spokesperson concluded.
The DOJ said the indictment alleges that from 2021 and through most of 2024, the defendants and other co-conspirators compromised the identities of over 80 people in the U.S. to obtain remote jobs at more than 100 companies. As a result, the victim companies incurred legal fees, computer network remediation costs and other damages and losses to the tune of at least $3 million.
Kejia and Zhenxing, along with at least four other U.S. facilitators, allegedly helped overseas IT workers with various parts of the scheme.
Kejia and Zhenxing allegedly established shell companies with websites and financial accounts to make it appear as though the overseas IT workers were affiliated with legitimate businesses in the U.S. Once established, the two allegedly received money from U.S. companies, and the funds were transferred to co-conspirators overseas.
In exchange for their services, Kejia, Zhenxing and the other four conspirators in the U.S. received at least $696,000 from the IT workers.
The DOJ said one of the companies the schemers allegedly accessed data from was a defense contractor that develops artificial intelligence-powered equipment and technology. By accessing the company’s data, the schemers were privy to International Traffic in Arms Regulations (ITAR), the DOJ said.
The DOJ also announced that the FBI and Defense Criminal Investigative Service (DCIS) seized 17 web domains used as part of the scheme, along with 29 financial accounts holding tens of thousands of dollars, used to launder revenue for the North Korean regime.
The DOJ unveiled another part of the scheme, which resulted in a five-count wire fraud and money laundering indictment against four North Korean nationals: Kim Kwang Jin, Kang Tae Bok, Jong Pong Ju and Change Nam II.
The suspects are accused of scheming to steal virtual currency from two companies, with a value of over $900,000 at the time of the thefts, and to launder the proceeds.
All four nationals, the DOJ said, are at large and wanted by the FBI.
