BOSTON — Nine people have been indicted in Boston in connection with an alleged scheme to infiltrate U.S. companies and generate revenue for North Korea and its weapons of mass destruction programs.

Those indicted fraudulently obtained remote jobs at more than 100 U.S. companies, including several Fortune 500 companies, U.S. Attorney Leah Foley said in a statement on Monday afternoon.

They include a New Jersey man and eight foreign nationals from China and Taiwan.

The alleged scheme involved dispatching skilled IT workers who, using stolen identities of U.S. persons, posed as domestic workers to obtain remote IT jobs with U.S. companies, Foley said.

The U.S. companies included several Fortune 500 companies and a defense contractor.

Foley said the following people were indicted for their roles in the scheme, which generated at least $5 million in revenue for North Korea: 

  1. U.S. national Zhenxing “Danny” Wang of New Jersey;
  2. Chinese national Jing Bin Huang (靖斌 黄);
  3. Chinese national Baoyu Zhou (周宝玉);
  4. Chinese national Tong Yuze (佟雨泽);
  5. Chinese national Yongzhe Xu (徐勇哲 andيونجزهي أكسو), currently residing in the United Arab Emirates;
  6. Chinese national Ziyou Yuan (زيو), currently residing in the United Arab Emirates;
  7. Chinese national Zhenbang Zhou (周震邦);
  8. Taiwanese national Mengting Liu (劉 孟婷); and
  9. Taiwanese national Enchia Liu (刘恩)

Zhenxing Wang was arrested earlier Monday in New Jersey, Foley said. He will appear in federal court in Boston at a later date.

As alleged in court documents, in response to U.S. and U.N. sanctions, the North Korean government has dispatched thousands of skilled IT workers around the world, who stole identities of U.S. persons and posed as domestic workers to obtain remote IT jobs with U.S. companies and generate revenue for North Korean weapons of mass destruction programs.

The North Korean IT workers’ scheme involved the use of pseudonymous email, social media, payment platform and online job site accounts, as well as fake websites, proxy computers, and third-party enablers in the United States and abroad, prosecutors said.

North Korea Russia In this photo provided by the North Korean government, North Korean leader Kim Jong Un meets with Russian Security Council Secretary Sergei Shoigu, not in photo, at the headquarters of the ruling Workers’ Party in Pyongyang, North Korea, Tuesday, June 17, 2025. Independent journalists were not given access to cover the event depicted in this image distributed by the North Korean government. The content of this image is as provided and cannot be independently verified. Korean language watermark on image as provided by source reads: “KCNA” which is the abbreviation for Korean Central News Agency. (Korean Central News Agency/Korea News Service via AP) (Uncredited/AP)

According to the court documents, the IT workers employed under this scheme also gained access to sensitive employer data and source code, including International Traffic in Arms Regulations data from a California-based defense contractor that develops artificial intelligence-powered equipment and technologies.

Foley said Monday that the threat posed by North Korean operatives “is both real and immediate.”

“Thousands of North Korean cyber operatives have been trained and deployed by the regime to blend into the global digital workforce and systematically target U.S. companies,” Foley said. “We will continue to work relentlessly to protect U.S. businesses and ensure they are not inadvertently fueling the DPRK’s unlawful and dangerous ambitions.”

“These schemes target and steal from U.S. companies and are designed to evade sanctions and fund the North Korean regime’s illicit programs, including its weapons programs,” said

John Eisenberg, Assistant Attorney General for the Department’s National Security Division, said in a statement that these schemes “target and steal from U.S. companies and are designed to evade sanctions and fund the North Korean regime’s illicit programs, including its weapons programs.

“The Justice Department, along with our law enforcement, private sector, and international partners, will persistently pursue and dismantle these cyber-enabled revenue generation networks,” Eisenberg said.

Rafik Mattar, Acting Special Agent in Charge of the FBI’s Las Vegas Division, said the agency “will continue to work with our partners to expose and mitigate these fraudulent IT schemes and provide unwavering support to victims of North Korean cyber actors.”

“While we have disrupted this group, this is merely the initial phase of the problem,” Mattar said. “The government of North Korea has trained and deployed thousands of IT workers to carry out similar schemes against U.S. companies daily.”

“Protect your business by thoroughly vetting fully remote workers,” Mattar said. “The FBI strongly advises organizations to closely monitor their data, strengthen their remote hiring processes, and report any suspicious activity or fraud to the FBI.”

The indictments “should act as a deterrent for individuals and foreign entities attempting to illegally export critical defense information,” said John Helsing, Acting Special Agent in Charge for the Department of Defense Office of Inspector General, Defense Criminal Investigative Service Western Field Office. 

“DCIS will continue to work aggressively with our law enforcement partners and the Department of Justice to investigate and prosecute those who threaten our National Security and America’s Warfighters,” Helsing said.

Cybercrimes Cybercrimes

According to the indictment, from approximately 2021 through October 2024, the defendants and other co-conspirators perpetuated a massive fraud scheme resulting in the transmission of false and misleading information to dozens of U.S. companies, financial institutions, and government agencies, including the Department of Homeland Security, the Internal Revenue Service, and the Social Security Administration.

Specifically, they allegedly compromised the identities of more than 80 U.S. persons; fraudulently obtained remote jobs at more than 100 U.S. companies, including several Fortune 500 companies and a cleared defense contractor; received laptops and other hardware from U.S. companies; accessed, without authorization, the internal systems of these U.S. companies, including sensitive employer data and source code; generated at least $5 million in revenue for the overseas IT workers; and caused U.S. victim companies to incur legal fees, computer network remediation costs, and other damages and losses of at least $3 million. 

The overseas IT workers were allegedly assisted in this scheme by Kejia Wang, Zhenxing Wang, and at least four other identified U.S. facilitators, prosecutors said.

These facilitators allegedly received and/or hosted laptops belonging to U.S. victim companies at their homes to deceive the U.S. companies into believing the IT workers were in the United States.

Prosecutors allege that they facilitated remote access to the computers for the overseas IT workers through illicit means, including downloading software to the computers without authorization from the U.S. companies, connecting the U.S. companies’ computers to internet-connected KVM switches, and creating shell companies with corresponding websites and financial accounts, including Hopana Tech LLC, Tony WKJ LLC and Independent Lab LLC to make it appear as though the overseas IT workers were affiliated with legitimate U.S. businesses.

“These facilitators also allegedly established accounts at U.S. financial institutions and online money transfer services to receive money from victimized U.S. companies, much of which was subsequently transferred to overseas co-conspirators,” prosecutors said.

In exchange for their services, it is alleged that Kejia Wang, Zhenxing Wang, and the other U.S. facilitators collected at least $696,000 in fees. 

North Korean leader Kim Jong Un, along with his daughter, walks away from an ICBM in this undated photo released by KCNA North Korean leader Kim Jong Un, along with his daughter, walks away from an intercontinental ballistic missile (ICBM) in this undated photo released on November 19, 2022 by North Korea’s Korean Central News Agency (KCNA). KCNA via REUTERS ATTENTION EDITORS – THIS IMAGE WAS PROVIDED BY A THIRD PARTY. NO THIRD PARTY SALES. SOUTH KOREA OUT. NO COMMERCIAL OR EDITORIAL SALES IN SOUTH KOREA. REUTERS IS UNABLE TO INDEPENDENTLY VERIFY THIS IMAGE. – RC2IOX960K53

According to court documents, in October 2024, seven locations in New York, New Jersey and California were searched and voluntary interviews at so-called “laptop farms,” or sites used to host U.S company laptop computers used in the scheme, were conducted.

Investigators recovered more than 70 victim company devices. Additionally, 21 fake web domains used to facilitate North Korean IT work have been seized, and 29 financial accounts, holding tens of thousands of dollars in funds, used to launder revenue for the North Korean regime through remote IT work.

Also Monday, the Northern District of Georgia unsealed an indictment charging four North Korean nationals with a scheme to steal virtual currency held by two victim companies valued at over $750,000 and laundering the proceeds overseas. 

Unlike traditional North Korean IT workers, who usually seek employment with the goal of remitting their salaries back to North Korea, prosecutors said those charged in Georgia allegedly sought employment with virtual currency-related businesses “to earn the trust of those businesses and then stole those businesses’ virtual assets.”

Monday’s announcement is the culmination of a multi-year investigation by federal law enforcement agencies, Foley said.

The U.S. Department of State has offered potential rewards for up to $5 million in support of international efforts to disrupt North Korea’s illicit financial activities, including for certain information related to individuals who are sent outside of North Korea to work to generate money for the North Korean government or who facilitate the activities of such North Korean nationals.

If convicted of the charges of conspiracy to commit mail and wire fraud, conspiracy to commit money laundering and conspiracy to violate the International Emergency Economic Powers Act, the defendants face a sentence of up to 20 years in prison, three years of supervised release and a fine of $250,000.

If convicted of the charge of conspiracy to cause damage to a protected computer, the defendants face a sentence of up to 15 years in prison, three years of supervised release and a $250,000 fine.

If convicted of the charge of conspiracy to commit identity theft, the defendants face a sentence of up to five years in prison, three years of supervised release and a $250,000 fine.

“This multiagency case demonstrates the power of law enforcement agencies collaborating to dismantle international fraudulent schemes involving technology,” said Shawn Gibson, Special Agent in Charge for Homeland Security Investigations in San Diego, one of the agencies working the case.

“Let this investigation prove that HSI will aggressively identify and bring to justice those who seek to steal intellectual property through illegal access to computer networks in order to financially profit and jeopardize U.S.-based businesses who have fallen victim to these actors,” Gibson said.

This is a developing story. Check back for updates as more information becomes available.

Download the FREE Boston 25 News app for breaking news alerts.

Follow Boston 25 News on Facebook and Twitter. | Watch Boston 25 News NOW

©2025 Cox Media Group



Source link