FBI busts U.S. laptop farms feeding North Korean cybercrime machine.

Hired by you. Funded by North Korea.
By Gigabit Systems
July 2, 2025

The U.S. Justice Department just dismantled a covert IT scheme that’s more than fraud—it’s a threat to national security, business integrity, and global cybersecurity.

Nearly 200 laptops, 29 domains, and $7.74 million in digital assets were seized. The operation exposed a network of North Korean operatives masquerading as U.S.-based IT workers, infiltrating over 100 American companies, including tech startups, blockchain firms, and potentially defense contractors.

How It Worked

North Korean nationals—some using deepfaked documents and AI-enhanced profiles—posed as remote developers, using:

  • Stolen or fake identities

  • Shell companies and U.S.-based facilitators

  • KVM switches (like TinyPilot) to remote into employer-issued laptops

  • Fake job listings and LinkedIn profiles to bypass screening

They were assisted by individuals in the U.S., China, Taiwan, and the UAE, including Zhenxing “Danny” Wang of New Jersey, who helped launder over $5 million to DPRK-linked entities.

Why It’s So Dangerous

Once hired, these “employees”:

  • Accessed export-controlled military technology

  • Stole over $900,000 in cryptocurrency

  • Altered smart contracts at a blockchain R&D firm

  • Used VPNs, AI image enhancement, and remote management tools

  • Exploited corporate trust to infiltrate sensitive environments

“North Korea’s most talented employees may already be working for you.” – U.S. DOJ

Not Just Government Targets

SMBs, schools, healthcare orgs, and law firms that use contract developers or outsource IT roles are just as vulnerable.

You trust résumés, interviews, and device logins—but North Korean operatives have weaponized identity, software, and even your hiring process.

This isn’t a phishing email. This is credentialed access with a W-9 on file.

What You Should Do Now

✅ Vet every remote hire with layered ID verification

✅ Use endpoint detection and geolocation-based behavioral analytics

✅ Watch for inconsistent device usage or suspicious remote access activity

✅ Avoid letting remote users control company-issued devices via KVM

✅ Work with MSPs who know how to detect embedded threats
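
As an added example (not from the original post or from any DOJ material), here is a sketch of the geolocation and device-usage checks above, run over constructed check-in records. It flags non-corporate egress IPs shared by laptops issued to different people, and laptops that check in from a region other than the one on file; the field names, the corporate range and the sample data are assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed check-in records for company-issued laptops (documentation IP ranges).
# Field names are assumptions: egress_ip/geo come from endpoint telemetry,
# hr_location is the region the hire gave during onboarding.
CHECKINS = [
    {"user": "contractor-a", "device": "LT-101", "egress_ip": "203.0.113.7", "geo": "US-NJ", "hr_location": "US-CA"},
    {"user": "contractor-b", "device": "LT-102", "egress_ip": "203.0.113.7", "geo": "US-NJ", "hr_location": "US-TX"},
    {"user": "employee-c", "device": "LT-103", "egress_ip": "198.51.100.20", "geo": "US-WA", "hr_location": "US-WA"},
    {"user": "employee-d", "device": "LT-104", "egress_ip": "192.0.2.15", "geo": "US-NY", "hr_location": "US-NY"},
    {"user": "employee-e", "device": "LT-105", "egress_ip": "192.0.2.15", "geo": "US-NY", "hr_location": "US-NY"},
]
CORPORATE_NETS = [ip_network("192.0.2.0/24")]  # assumed office/VPN egress range


def find_shared_egress(checkins, corporate_nets, min_users=2):
    """Non-corporate egress IPs used by laptops issued to >= min_users different people.

    Several unrelated hires behind one residential IP is the pattern a
    laptop farm produces; housemates can also trigger it, so treat hits as leads.
    """
    users_by_ip = defaultdict(set)
    for c in checkins:
        ip = ip_address(c["egress_ip"])
        if any(ip in net for net in corporate_nets):
            continue  # shared office or VPN egress is expected
        users_by_ip[c["egress_ip"]].add(c["user"])
    return {ip: sorted(users) for ip, users in users_by_ip.items() if len(users) >= min_users}


def find_location_mismatch(checkins, corporate_nets):
    """(user, device) pairs whose laptop checks in from a region other than the one on file."""
    hits = set()
    for c in checkins:
        if any(ip_address(c["egress_ip"]) in net for net in corporate_nets):
            continue  # VPN/office egress says nothing about where the laptop sits
        if c["geo"] != c["hr_location"]:
            hits.add((c["user"], c["device"]))
    return sorted(hits)


if __name__ == "__main__":
    print("shared egress:", find_shared_egress(CHECKINS, CORPORATE_NETS))
    print("location mismatch:", find_location_mismatch(CHECKINS, CORPORATE_NETS))
```
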

They Weren’t Just Stealing Money. They Were Stealing Trust.

The lines between cybercrime and cyberwarfare are gone. This isn’t just IT fraud—it’s infiltration, surveillance, and a direct threat to your clients, your data, and your country.

70% of all cyber attacks target small businesses. I can help protect yours.

#CyberSecurity #InsiderThreats #NorthKorea #RemoteWorkRisks #ManagedITServices
