The U.S. Department of Justice (DOJ) has announced new actions targeting how North Korea covertly raises money through stolen identities, remote tech work, and large-scale crypto theft, schemes that officials say directly help fund its sanctioned weapons programs.
Five individuals, four Americans and one Ukrainian national, pleaded guilty to helping North Korean IT workers pose as U.S.-based employees. They provided stolen or falsified identities, hosted company-issued laptops, and helped Democratic People’s Republic of Korea (DPRK) operatives bypass hiring checks.
According to the official announcement, the network infiltrated 136 U.S. companies and sent more than $2.2 million back to the regime.
In a parallel action, the Justice Department filed two forfeiture complaints covering over $15 million in USDT seized from Advanced Persistent Threat 38 (APT38), a North Korean military hacking unit responsible for some of the world’s largest crypto exchange intrusions.
APT38 stole hundreds of millions from platforms in Estonia, Panama, and the Seychelles in 2023, then laundered the funds through mixers, bridges, and OTC brokers. Authorities intercepted part of the laundering flow, froze the assets, and now seek permanent forfeiture.
U.S. agencies have warned for years that North Korean operatives disguise themselves as freelance developers or remote workers to access corporate networks. They use stolen Social Security numbers, fake U.S. addresses, and proxy computers to appear domestic.
Investigators say some DPRK IT workers earn hundreds of thousands annually, generating “hundreds of millions” for the regime. The DOJ warns these infiltrations threaten both national security and economic stability.
The new actions follow a rapid escalation in U.S. enforcement targeting Asian cyber-fraud networks. This week, the government launched the Scam Center Strike Force, a new unit aimed at combating Southeast Asian “pig-butchering” schemes that have drained billions from Americans. Last month, the U.S. and U.K. jointly sanctioned major crime syndicates in Cambodia and Laos tied to crypto laundering.
Together, these efforts reflect a clear shift: U.S. agencies are no longer pursuing only individual hackers but also the infrastructure and intermediaries that enable global crypto-enabled crime.
The Justice Department says more arrests, seizures, and cross-border operations are coming. The Federal Bureau of Investigation (FBI) is urging U.S. companies to tighten vetting for remote tech workers and watch for suspicious logins or data access.
Assistant Attorney General John A. Eisenberg said the U.S. will use “every available tool” to disrupt DPRK revenue streams. With North Korea leaning on crypto theft and remote-work fraud to evade sanctions, officials say this is only the beginning.
