The FBI and DOJ have dismantled 29 North Korean “laptop farms” across 16 US states, targeting illicit IT workers who infiltrated over 100 American companies. The operation, involving arrests, indictments, and seizures, exposed schemes funneling millions to Pyongyang’s weapons programs. Stolen identities and fraudulent websites facilitated the scams, compromising sensitive data and evading sanctions.
FBI Targets North Korean IT Worker Schemes in Nationwide Sweep
The U.S. Department of Justice (DOJ), in collaboration with the FBI, announced a significant crackdown on June 30, 2025, targeting North Korean remote IT worker schemes that defrauded American companies and funded Pyongyang’s weapons programs. The operation resulted in searches of 29 known or suspected “laptop farms” across 16 states, the seizure of approximately 200 laptops, 29 financial accounts, and 21 fraudulent websites. One U.S. national was arrested, and two others were indicted for allegedly facilitating these schemes.
These laptop farms, often hosted in U.S. homes, enabled North Korean IT workers to remotely access company-issued computers, tricking employers into believing the workers were U.S.-based. The DOJ revealed that North Korean operatives, often posing as U.S. or foreign teleworkers, secured jobs at over 100 U.S. companies, including major tech firms. In one case, they stole $740,000 from a Georgia-based tech company, while another instance involved the theft of export-controlled U.S. military technology.
The schemes relied on sophisticated methods, including stolen identities, falsified resumes, and front companies. U.S.-based facilitators allegedly created fraudulent websites to bolster the credentials of North Korean workers. For instance, four North Korean nationals (Kim Kwang-jin, Kang Tae-bok, Jong Pong-ju, and Chang Nam-il) were indicted for stealing over $915,000 in cryptocurrency by manipulating source code after gaining trusted roles at two companies. According to an FBI wanted poster released on June 30, these operatives remain at large.
The FBI’s searches, conducted between June 10 and June 17, 2025, targeted 21 premises across 14 states, seizing 137 laptops in one phase alone. The operations were part of the DOJ’s DPRK RevGen: Domestic Enabler Initiative, a joint effort with the FBI’s Cyber and Counterintelligence Divisions to disrupt North Korea’s revenue-generating schemes. Assistant Director Brett Leatherman of the FBI’s Cyber Division noted that individual North Korean IT workers could earn up to $300,000 annually, collectively funneling hundreds of millions to Pyongyang’s Ministry of Defense and other sanctioned entities.
The State Department, Treasury Department, and FBI had previously warned in 2022 about North Korea’s deployment of thousands of skilled IT workers globally, often using VPNs, proxy accounts, and stolen identities to evade detection. Despite earlier crackdowns, such as one in January 2025, the scale of the recent operation underscores the persistence of the threat. Cybersecurity experts warn that North Korean operatives continue to target U.S. companies, both for financial gain and espionage, exploiting remote work vulnerabilities.
In one notable case, a New Jersey man was arrested for running a laptop farm, while a Tennessee man was previously charged for helping North Korean workers pose as U.S. citizens to secure jobs at U.S. and British tech firms. The DOJ also highlighted the role of collaborators in China, the UAE, and Taiwan, who assisted in setting up these schemes. The infiltration of Fortune 500 companies and the theft of sensitive data have raised alarms about the broader implications for national security.
The FBI emphasized that the crackdown is not the end of North Korea’s efforts. “North Korea remains intent on funding its weapons programs by defrauding U.S. companies and exploiting American victims of identity theft,” said Assistant Director Roman Rozhavsky of the FBI’s Counterintelligence Division. The DOJ and FBI continue to investigate similar schemes, urging companies to strengthen vetting processes for remote workers to prevent further infiltration.
Disclaimer: This article is based on reports from the U.S. Department of Justice, FBI statements, and credible news sources such as Breitbart, CNN, and WIRED. Information is accurate as of July 7, 2025, and subject to updates as new details emerge. Readers are advised to verify details with official sources.