North Korean operatives and American accomplices accused in massive fraud that infiltrated the Fortune 500 and stole millions

According to the first major indictment from the Massachusetts Province, North Korea’s IT crew claims with the conspirators participating in New York, New Jersey, California, and abroad to steal the identities of more than 80 American people, who get a distance in more than 100 companies in Fortune 500-piece at least $ 5 million. According to the second indictment, it is claimed that a team of four people of IT workers in North Korea traveled to the United Arab Emirates where they used stolen identities to form information technology workers from a distance, obtain jobs in American companies for themselves, unknown consumers, then systematically steal the digital currency to finance nuclear weapons programs in North Korea.

The accusation regulations are in detail in the way in which the ITS plan is based on just relying on fake and fabricated identities, to a complex network of American -led front companies. The front companies were established by paid -up complicity and make them show that IT workers belong to the legitimate American companies. The front contestants hide the North Korea information technology workers behind the stolen American identities, and offer them addresses for charging laptops that companies have sent to software functions remotely. It is claimed that the stolen revenues in the fraud system have been transferred to the North Korean leadership to help finance weapons of mass destruction and missile programs in the authoritarian system.

“North Korea remains determined to finance its weapons programs by defrauding American companies and the exploitation of American victims to steal identity, but the FBI intends to disrupt this huge campaign and bring its perpetrators to justice,” the Assistant Director Roman Rozverki of the FBI department said in a statement. “Information technology workers in North Korea who demonstrate as American citizens have a fraudulent work with American companies so that they can transfer hundreds of millions of dollars into the authoritarian regime of North Korea. The FBI will do everything we can defend the country and protect the Americans from being victims by the North government, and we ask all American companies to work to employ workers appointed in this calendar.”

The authorities said on Monday that the authoritarian leadership of the Democratic Republic of Korea (DPRK) has deployed thousands of information technology workers trained all over the world to deceive companies to employ them in information technology jobs. Once they are appointed, IT workers are assigned to make money and collect intelligence to help steal the Internet. College as the “Information Technology Workers Scheme in North Korea”, hundreds of Fortune 500 and smaller technology companies were fighting tsunami from potential work of work from work who are already trained in North Korea IT workers. The United Nations estimated that the plan generates between 200 million dollars to $ 600 million annually, not the amount of encryption that it was stolen in robbery using intelligence collected by North Korea IT workers, which are billions.

According to the indictment, the New Jersey Zhenxing “Danny” Wang founded a software development company called Independent Lab as a front company in the plan. Through an independent laboratory, companies have shipped laptops to Wang about what they believed that companies had rented IT workers, but in reality the people who stole their identities were. He claimed that Wang hosted laptops at his home, known as “laptop farm”, and installed a remote access program so that North Korea workers can access them from external sites. Wang has also received money paid as compensation from American companies and was allegedly transferred to the accounts dominated by the insiders abroad.

The indictment states that many defendants and work partners acted using the front companies, including other conspirators who have not been named in New York, California, as well as a member of the active service in the American army. It was claimed that the accomplices hosted laptop farms in their homes for hundreds of thousands of dollars as fees, the authorities claimed. It was claimed that the fronts were at least four major companies, causing at least 100,000 dollars, each of them, as compensation and wages lost. He claims that one of the two partners claims that Kejia Wang knows that the workers were behaving on behalf of North Korea.

In addition to Danny Wang, the government accused eight other defendants and claimed that fraud included a California -based defense contractor, from which a representative stole sensitive documents related to American military technology. Other companies are affected by the fraud scheme in California, Massachusetts, New York, New Jersey, Florida, New Mexico, Georgia, Maryland, North Carolina, Illinois, Ohio, South Carolina, Michigan, Texas, Indiana, Arkansas, Missouri, Tennessee, Minnesota, Rods, Oregon, Oregon, Oregon, Oregon, or Uri. Colorado, Colombia Province.

Michael “Barney”, the main risk investigator of the DTEX security company, said the arrests this week was a reminder that the threats of IT workers in DPRK go beyond the mere generation of revenue.

Barnhart told luck In a statement. “DPRK actors are increasingly used front companies and trusted third parties to overcome traditional employment guarantees, including cases allocated to those in sensitive sectors such as the government and the defensive industrial base.”

Barnhart suggested that the arrests confirm the idea that companies should look beyond the model gates and re -evaluate the entire talent pipelines given the way the threat of the IT factor in DPRK is adapted.

John A. Eisenberg, Assistant Prosecutor in the Ministry of National Security of the Ministry, in a statement, “These plans are targeting and stealing from American companies, and they are designed to evade sanctions and finance the illegal programs of the North Korean regime, including their weapons programs.” “The Ministry of Justice will continue, in addition to law enforcement, the private sector, and international partners, constantly and dismantling the revenue generation networks that support the Internet.”

The second indictment determines how the four -man delegation used a mixture of stolen identities and perpetrators to obtain two jobs for the developer of IT workers in North Korea in the Research and Development Technology Company in Atlanta, and in a separate virtual symbolic company.

Together, the Crypto duo stole about one million dollars, and the US Prosecutor’s Office for the northern region of the alleged Georgia in an indictment presented last week. Then he brought other information technology workers to help them wash the currency so that they could hide its assets before sending the money to the North Korean leadership.

“Not me !!!”

As he claimed in the second indictment, the plan started in this case in October 2019 when four information technology workers in North Korea traveled to the United Arab Emirates using North Korea documents and put themselves as one team. The crew systematically benefited from the stolen identities mixed with their own images to pass a crowd as legal employees and access sensitive information in companies. The goal, according to the indictment, was to gain adequate confidence to reach the virtual companies controlled by companies so that they could transfer them to the Democratic government of Korea, led by authoritarian dictator Kim Jong Un.

Once it was operated, in December 2020, it was claimed that the defendant Kim Kwang Gim gave a company whose name was not revealed a fake Portuguese identity that included a picture of Kim with the actual birth date of the victim and the government’s identity number. He claimed that Kim used the stolen identity as a borrower to get a work to develop the source code in an American company whose name was not revealed in Atlanta. The indictment is called a victim of the stolen identity only as PS and no company claimed to be rented as an information technology factor in North Korea.

In March 2022, it was claimed that Kim had amended the source law in the company, where he was appointed. His changes changed a symbol of smart contracting and controlling contract that lived on ETAREUM and Polygon episodes. Kim has raised the changes that dictate when the currency can be withdrawn from the company -controlled financing pools.

Then on March 29 and March 30, 2022, Kim was claimed that Kim took 4 million icon icons, 229,051 Mataich symbols, and 110,846 beginnings. Finally, the virtual currencies valued at about $ 740,000 at the time of theft, according to the indictment. Kim is alleged to transfer the currency to the title of another currency he was controlling.

The authorities say that Kim presented the logical basis for the founder to the founder of his founder to try to explain the currency: “Hello brother, really sorry-I started this strange TXS that occurs after it was re-drafted GitHub.”

On March 30, the company’s founder sent a message to Telegram to Kim accused of stealing virtual currency from the company’s financing gatherings. Kim wrote, using a Telegram account that was prepared with the stolen PS identity, “How often I need to tell you ??? I did not do that !!! It is not me !!!”

Brian Zhou

The other alleged accident shown in the indictment in May 2021 began. The authorities say that the defendant Jong Bong Go used the name “Brian Zhou” to obtain a job in another company whose name was not mentioned to provide information technology services.

After his appointment, it was claimed that Jong was able to reach the company’s virtual currency. Later that year in October 2021, it was claimed that Jong used a telegram account he created using the “Bryan Cho” nickname to recommend the company’s founder that “Peter Xiao” would make a great developer. The authorities claimed that Peter Xiao was actually another defender, Zhang Nam Il. The founder took Jong’s recommendation and rented “Peter Xiao” to work on the front development. Zhang, who works in the role of Peter Xiao, works in the company from October 2021 to January 2022.

In January 2022, the founder of the company requested a video to verify the identity of “Brian Zhou” – which was actually Jong, and the authorities – before giving Jong’s additional access to the company’s encryption assets. On January 25, 2022, it was claimed that Jong used a Malaysian driver’s license with Bryan Cho alias to send a video to the founder via Telegram. Then he claims that the founder gave Jong an additional access.

The following month, Jong took over this arrival and stole the distinctive symbols of the virtual currency of about 60 ETHER (at $ 175,680 at the time) by transferring it to the address of another virtual currency controlled by Jong. Then Jong used the Bryan Cho Telegram account for the company’s founder’s message, “I think I am wrong (SIC) dropped the key in the. ENV sample file,”

Then he asked the founder about the “ENV” and Jong -Jong – like the Brian Chu – “Gaytap”.

American lawyer Theodore S. said. Hirtburg in a statement: “The defendants used fake and honest personal identities to hide their nationality in North Korea, and they formed as a distance in information technology, and took advantage of their victims’ confidence to steal hundreds of thousands of dollars.” “The indictment highlights this unique threat posed by North Korea for companies that employ information technology workers and emphasizes its solution to the prosecution of any representative, in the United States or abroad, who steal from Georgia’s companies.”

This was not the end. From there, it is claimed that North Korea information workers need to be laundering stolen money.

Zhang, Jong, Kim, the fourth defendant, Kang Tae Book, used additional pseudonyms and a virtual currency mixer known as “Tornado Cash” to wash stolen assets. Tornado Cash is a coding mixer mainly wipes the course of encrypted transactions.

The authorities claim that Kang used the “Wong Shao ONN” pseudonym to open an account on the virtual work exchange whose name has not been revealed using a Malaysian identifier with his own image. Likewise, Chang used a fake Malaysian identifier to open an account using the “Bong Chee Sheen” niceron.

Jong, after stealing 60 of the ether, sent the currency to Tornado Cash for mixing, and the indictment countries. Kim sent stolen symbols to Tornado Cash as well. Then mixed funds were withdrawn in the Kang -controlled accounts, using the Wong and Bong nickname.

Tornado Cash did not respond to a request for comment. Attempts to reach Wang did not succeed.