North Korean workers are taking remote U.S. jobs. This company set a trap to expose one.

FBI officials say laptop farms are a crucial way North Korean IT teams fool U.S. companies into thinking their remote workers are in the United States, by providing both a physical address to send laptops to and a U.S. Internet connection. Once the laptops are equipped with certain software and remote access tools, workers can connect to them remotely.
So far, at least 10 alleged U.S.-based facilitators have been federally indicted, including an active-duty member of the U.S. military, for their alleged role in hosting laptop farms, laundering payments and moving profits through shell companies. At least six other alleged U.S. facilitators have been identified in court documents but have not been named.
In one case, a U.S. citizen, Kejia “Tony” Wang, traveled to China in 2023 to meet with co-conspirators and IT workers in Shenyang and Dandong, according to court documents. Laptops from more than 100 U.S. companies, including a California-based defense contractor, were sent to Wang, who also set up shell companies to help funnel wages earned overseas. Wang pleaded guilty to charges related to wire fraud, money laundering and identity theft and awaits sentencing next month.
“We believe there are still hundreds of people participating in these schemes,” said Rozhavsky, the FBI deputy director. “They could never achieve this if they did not have the help of willing facilitators in the United States.”
Once the illicit money has been earned, it must be consolidated and converted into government-issued currency. North Korean teams typically rely on a maze of Chinese networks to launder it, according to industry reports.
“Every bad guy you can think of uses Chinese money launderers. That’s how money moves internationally,” said Nick Carlsen, lead investigator on the global investigations team at blockchain analytics firm TRM Labs and a former FBI intelligence analyst specializing in North Korea.
Since Kim Jong Un took power in 2011, North Korea has refined and expanded its portfolio of cybercrime operations beyond IT work — generating billions of dollars from cryptocurrency thefts, including a record $1.5 billion heist last year, according to the FBI. Analysts say these operations have made Kim wealthier and more geopolitically relevant than ever, validating his long-held view of cyber operations as a “sword of all trades.”
In recent years, North Korea’s partnership with Chinese money laundering networks has achieved a new level of speed and efficiency that North Korean operators have not been able to achieve independently.
“The transformative element is the existence of these superliquid Chinese financial networks,” Carlsen said. “They can absorb a lot of money, convert it and transfer it to whatever national currency you want. That’s the big change.”

Most of these intermediaries operate in southern China and Southeast Asia, including Myanmar, Hong Kong, Macau and China’s Fujian province – quickly moving cryptocurrencies across blockchains using so-called “mixers” that split stolen funds into smaller pieces to disguise their origin. IT workers’ earnings are typically smaller sums and involve fewer middlemen, said Andrew Fierman, head of national security intelligence at blockchain tracking firm Chainalysis, while larger sums from crypto thefts require complex, multi-layered laundering chains.
Carlsen noted that funds from both IT worker schemes and crypto heists often end up with Chinese brokers linked to organized crime syndicates. “There are overlaps with pig slaughter scams and drug cartels,” he said. “These are the same networks that are absorbing this money.” Cryptocurrencies have facilitated this convergence. “It’s the lubricant,” he added. “The oil that allows all these gears to interact with each other.”
The U.S. government has taken some steps to combat the North Korean IT worker scheme, but experts warn the threat is growing as workers’ use of AI continues to expand around the world.
Cybersecurity analysts say U.S. monitoring tools are struggling to keep pace with the scale and sophistication of Pyongyang’s cyber operations. Many of those involved operate in countries that do not have extradition agreements with the United States, putting them largely beyond the reach of U.S. law enforcement.
“It’s a crazy game. It’s virtually impossible to completely disrupt that,” Carlsen said. “It’s just a never-ending process.”
The most effective strategy, he says, is to make the schemes less profitable by preventing the regime from collecting funds through money laundering organizations.
The U.S. government has stepped up its efforts in this direction. The Treasury Department on Thursday sanctioned six individuals and two entities for their roles in IT worker schemes orchestrated by the DPRK government, including facilitators based in North Korea, Vietnam, Laos and Spain.
Last fall, federal authorities announced a wave of criminal charges, forfeitures, sanctions and asset freezes targeting North Korea’s illicit cyber activities.
In October, the Treasury Department cut off Cambodia-based Huione Group, a financial collateral network, from the U.S. financial system, alleging it had laundered billions in illicit proceeds, including at least $37 million in cryptocurrency linked to North Korean operations. A few weeks later, eight individuals and two entities, including North Korean bankers and institutions, were sanctioned for laundering funds from cybercrime and fraudulent IT worker schemes.
North Korea, for its part, has denied any wrongdoing.

Last year, following the Justice Department’s indictment of several North Koreans for their alleged role in the scheme, the country’s foreign minister condemned U.S. actions as “an absurd smear campaign” targeting the DPRK’s “non-existent ‘cyber threat,’” the Korean Central News Agency reported.
In response to questions about the involvement of Chinese nationals in the scheme, Chinese embassy spokesperson Liu Pengyu said: “We oppose false allegations and smears that have no factual basis.”
The scheme itself is also becoming more complex. North Korean IT teams now outsource their work to developers in Pakistan, Nigeria and India, and are expanding into areas such as customer service, financial processing, insurance and translation services – roles far less scrutinized than software development.
“Unless you have external information, you may not know they’re North Korean,” said Michael Barnhart, DTEX’s manager of nation-state threat intelligence. “They’re trying to become middle managers, and it’s working.”
This expansion also means that North Korean workers could cause real damage by putting lives at risk, something Barnhart has seen up close.
In 2021, as part of a wave of attacks on NASA and military bases, a North Korean hacking team infected the computer systems of a Kansas hospital with ransomware, crippling the servers and demanding approximately $100,000 in bitcoin to restore their operation. The hospital paid. Barnhart helped investigate the hack alongside the FBI, and it was this case that gave him an understanding of how North Korea’s malicious hacking teams sometimes cooperate with IT teams to support their missions, which was not widely known at the time.
What he saw was a hacking operator engaged in IT work, including placing other IT workers in jobs. Income from these jobs supported the hacking unit’s primary operations, which were aimed at committing computer intrusions against the U.S., South Korean, and Chinese governments or against technology victims.
“It started with generating revenue, but the lines are becoming increasingly blurred. When the time comes, they will have chess pieces inside organizations around the world – and they will start acting from within,” he said.
Rozhavsky expressed similar concerns.
“Even if a company gets rid of it, we don’t know what backdoors they might have left to access it in the future,” he said. “So this is definitely a time bomb that could have negative long-term consequences.”
Lawmakers are also seeking stronger defenses. Senators Gary Peters, D-Mich., and Mike Rounds, R-S.D., introduced the Protecting America from Cyber Threats Act, which would renew key cybersecurity authorities for another decade and encourage private companies, like Nisos, to share information about cyber threats with the federal government.
Yet the thousands of workers who are the driving force behind the IT schemes, the majority of whom are based in China, remain out of reach.
“These are the smartest people in North Korea. It’s a bit of a tragedy,” Carlsen said. “They took the best and the brightest and made them criminals.”



