CyberSecurityBoard
Sponsor Register Login

U.S DoJ Announces Nationwide Actions to Combat North Korean Remote IT Workers

The U.S. Department of Justice announced coordinated nationwide law enforcement actions on June 30, 2025, targeting North Korean remote information technology workers’ illicit revenue generation schemes that have defrauded American companies and funded the DPRK’s weapons programs. These actions represent the latest phase of the Justice Department’s DPRK RevGen: Domestic Enabler Initiative, a joint effort between the National Security Division and the FBI’s Cyber and Counterintelligence Divisions specifically targeting North Korean revenue generation schemes. Assistant Director Brett Leatherman of the FBI’s Cyber Division emphasized the persistent threat, stating that North Korean IT workers can individually earn up to $300,000 annually, collectively generating hundreds of millions of dollars for designated entities, including the North Korean Ministry of Defense. The North Korean operatives demonstrated advanced technical capabilities, gaining access to sensitive employer data, including ITAR (International Traffic in Arms Regulations) controlled information from a California-based defense contractor developing AI-powered military technologies. According to court documents, the schemes involved North Korean individuals fraudulently obtaining employment with more than 100 U.S. companies using stolen and fake identities, with assistance from accomplices in the United States, China, the United Arab Emirates, and Taiwan. The U.S. DoJ conducted coordinated enforcement across 16 states on June 30, 2025, targeting North Korean remote IT workers funding DPRK weapons programs. Federal agents executed searches at 29 known or suspected “laptop farms” where North Korean IT workers remotely accessed U.S. company-provided equipment using KVM (Keyboard-Video-Mouse) switches and other remote access devices. North Korean operatives infiltrated 100+ U.S. companies, generating $5+ million illicitly while causing $3+ million in damages. The operation successfully infiltrated numerous Fortune 500 companies, generating over $5 million in illicit revenue while causing victim companies at least $3 million in damages, including legal fees and network remediation costs.

This Cyber News was published on cybersecuritynews.com. Publication date: Tue, 01 Jul 2025 08:25:14 +0000


Cyber News related to U.S DoJ Announces Nationwide Actions to Combat North Korean Remote IT Workers

U.S DoJ Announces Nationwide Actions to Combat North Korean Remote IT Workers - The U.S. Department of Justice announced coordinated nationwide law enforcement actions on June 30, 2025, targeting North Korean remote information technology workers’ illicit revenue generation schemes that have defrauded American companies ...
1 month ago Cybersecuritynews.com
North Korean IT worker scam is now a threat to all companies, cybersecurity experts say | The Record from Recorded Future News - Since disruptions began last year and law enforcement has publicly warned companies of the practice, DTEX’s Barnhart and others said they have seen some workers try to extort companies or hand off their access to more sophisticated North Korean ...
3 months ago Therecord.media
Woman Accused of Helping North Korean IT Workers Infiltrate Hundreds of US Firms - The US government has announced charges, seizures, arrests and rewards as part of an effort to disrupt a scheme in which North Korean IT workers infiltrated hundreds of companies and earned millions of dollars for North Korea. According to the ...
1 year ago Securityweek.com
North Korean IT worker army expands operations in Europe - GTIG's report follows multiple warnings issued by the FBI regarding North Korea's massive army of IT workers sent abroad to generate revenue, who have tricked hundreds of companies in the United States and worldwide into hiring them over the years. ...
4 months ago Bleepingcomputer.com
Moonstone Sleet emerges as new North Korean threat actor with new bag of tricks - Microsoft has identified a new North Korean threat actor, now tracked as Moonstone Sleet, that uses both a combination of many tried-and-true techniques used by other North Korean threat actors and unique attack methodologies to target companies for ...
1 year ago Microsoft.com
North Korean Remote IT Workers Added New Tactics and Techniques to Infiltrate Organizations - North Korean state-sponsored remote IT workers have significantly evolved their infiltration tactics, incorporating artificial intelligence tools and sophisticated deception techniques to penetrate organizations worldwide. Microsoft researchers ...
1 month ago Cybersecuritynews.com
North Korea's state hackers stole $3 billion in crypto since 2017 - North Korean-backed state hackers have stolen an estimated $3 billion in a long string of hacks targeting the cryptocurrency industry over the last six years since January 2017. Kimsuky, Lazarus Group, Andariel, and other North Korean hacking groups ...
1 year ago Bleepingcomputer.com Andariel Kimsuky Lazarus Group
Cybersecurity for Remote Workers: Best Practices - In the current era of remote work, organizations worldwide face a critical concern: ensuring the cybersecurity of their remote workers. To address this issue, businesses must establish a robust cybersecurity framework that incorporates best practices ...
1 year ago Securityzap.com
Reserachers Uncovered North Korean Nationals Remote IT Worker Fraud Scheme - In a significant cybersecurity investigation, researchers have revealed an elaborate fraud scheme orchestrated by North Korean nationals who used stolen identities to secure remote IT positions at US-based companies and nonprofits. The operation ...
2 months ago Cybersecuritynews.com
Woman gets 8 years for aiding North Koreans infiltrate 300 US firms - According to court documents, Chapman hosted the North Korean IT workers' computers in her own home beteen October 2020 and October 2023, creating a so-called "laptop farm" which was used to make it appear as though the devices were located in the ...
2 weeks ago Bleepingcomputer.com
Microsoft shuts down 3,000 email accounts created by North Korean IT workers | The Record from Recorded Future News - To illustrate the scale of the financial benefits North Korea is achieving through the scheme, prominent cryptocurrency investigator Zachary Wolk, also known as ZachXBT, said a recent investigation found more than $16.5 million in cryptocurrency ...
1 month ago Therecord.media
North Korean Hackers Use Fake Job Offers & Salary Bumps as Lure for Crypto Theft - Recent investigations have uncovered a massive operation carried out by North Korean hackers looking to steal cryptocurrency through fake job offers and salary bumps. According to recent reports, hackers have been able to trace the malicious ...
2 years ago Therecord.media
Cyber Employment 2024: Sky-High Expectations Fail Businesses & Job Seekers - Well-publicized estimates of a massive shortfall in cybersecurity workers have resulted in high expectations among job seekers in the field, but the reality often falls flat, because of a mismatch between companies' requirements and job seekers' ...
1 year ago Darkreading.com Equation
North Korean Hackers Utilizing Credential Stuffing to Launch Cyberattacks - In an alarming new report, researchers found that North Korean-linked hackers have been using stolen passwords during cyberattacks to gain access to various government, military and financial networks. According to security experts, the creative ...
2 years ago Thehackernews.com
US govt sanctions North Korea's Kimsuky hacking group - The Treasury Department's Office of Foreign Assets Control has sanctioned the North Korean-backed Kimsuky hacking group for stealing intelligence in support of the country's strategic goals. OFAC has also sanctioned eight North Korean agents for ...
1 year ago Bleepingcomputer.com Andariel Kimsuky
macOS Malware Mix & Match: North Korean APTs Stir Up Fresh Attacks - North Korean advanced persistent threat groups are mixing and matching components of two recently unleashed types of Mac-targeted malware to evade detection and fly under the radar as they continue their efforts to conduct operations at the behest of ...
1 year ago Darkreading.com
North Korea's Kimsuky Attacks Rivals' Trusted Platforms - North Korea-linked threat groups are increasingly using living-off-the-land (LotL) techniques and trusted services to evade detection, with a recent Kimsuky campaign showcasing the use of PowerShell scripts and storing data in Dropbox folders, along ...
5 months ago Darkreading.com Andariel Kimsuky
US hits senior North Korean officials with sanctions, $3 million bounties | The Record from Recorded Future News - U.S. law enforcement action centered on Korea Sobaeksu Trading Company — a North Korean company allegedly used as a front for the country’s Munitions Industry Department, which oversees the DPRK’s nuclear program and is involved in the ...
2 weeks ago Therecord.media
North Korean IT Workers Infiltrate International Companies To Plant Backdoors on Systems - The infiltration of North Korean IT workers into international companies poses a dual threat of sanctions violations and severe cybersecurity risks. The rise of remote work has provided new opportunities for North Korean IT workers to gain employment ...
5 months ago Cybersecuritynews.com
Arizona Woman Sentenced for Helping North Korean IT Workers by Operating Laptop Farm - The scheme involved systematic identity theft of 68 U.S. citizens, whose personal information was used to create false employment profiles for North Korean IT workers seeking remote positions at major American corporations. The targeted companies ...
1 week ago Cybersecuritynews.com
US DOJ applies carrot-and-stick approach to Foreign Corrupt Practices Act policy - The US Department of Justice has taken a carrot-and-stick approach to its corporate enforcement policy in regard to the Foreign Corrupt Practices Act in an effort to entice companies to self-report when in violation of the FCPA. Assistant Attorney ...
2 years ago Csoonline.com
FBI Charges North Korean Hackers Over $100 Million Stolen in Crypto Hack - The FBI has recently charged a North Korean hacker in connection with the Harmony crypto hack from which the hacker allegedly stole over $100 million. The hacker, Jon Chang Hyok, is a member of the North Korean military intelligence agency, the ...
2 years ago Bleepingcomputer.com
North Korean IT workers seen using AI tools to scam firms into hiring them | The Record from Recorded Future News - In an effort to improve its own onboarding process and help customers dealing with the scheme, cybersecurity firm Okta conducted research into online services used by individuals identified by U.S. authorities and third parties as agents for the ...
3 months ago Therecord.media
Researchers Detailed North Korean Threat Actors Technical Strategies to Uncover Illicit Access - The technical sophistication of North Korean remote workers centers on their ability to maintain persistent access to corporate systems while masking their true geographical location and identity. For network-level obfuscation, the threat actors ...
1 week ago Cybersecuritynews.com
DOJ Seizes Ransomware Site as BlackCat Threatens More Attacks - U.S. law enforcement agencies said they shut down the online operations of the notorious Russia-linked BlackCat ransomware-as-a-service group and developed a decryption tool that will help more than 500 victims regain access to their encrypted data ...
1 year ago Securityboulevard.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)