Nine individuals have been indicted in Boston for their roles in a scheme that allegedly raised $5 million intended to fund North Korea’s weapons of mass destruction (WMD) program, according to a statement from the United States Attorney Leah Foley’s office on Monday.
The indicted individuals include Jing Bin Huang, Baoyu Zhou, Tong Yuze, Yongzhe Xu, Ziyou Yuan, and Zhenbang Zhou, all from China. Additionally, Zhenxing “Danny” Wang from New Jersey and Mengting Liu and Enchia Liu from Taiwan are also facing charges.
Zhenxing Wang was apprehended in New Jersey on Monday and is expected to appear in federal court in Boston at a later date.
These indictments are the result of a lengthy investigation by federal law enforcement agencies, forming part of the Department of Justice’s initiative titled “DPRK [Democratic People’s Republic of Korea]: Domestic Enabler.” This initiative aims to disrupt operations that facilitate illicit revenue generation for North Korea through remote IT workers and the U.S.-based individuals who enable them.
According to the statement, North Korea’s government has reportedly dispatched thousands of skilled IT workers globally. These workers have engaged in identity theft, posing as domestic workers to secure remote jobs with American companies, thereby generating revenue for the regime’s WMD programs.
The indictment states that those involved retrieved sensitive data and source code from various companies, which included information governed by International Traffic in Arms Regulations from a California-based defense contractor specializing in AI-powered technologies.
Between 2021 and October 2024, the indicted individuals transmitted fraudulent and misleading information to numerous U.S. companies, financial institutions, and government agencies, including the Department of Homeland Security, the Internal Revenue Service, and the Social Security Administration.
This fraudulent activity reportedly compromised the identities of more than 80 U.S. citizens and allowed the suspects to obtain remote jobs with over 100 American companies, including several Fortune 500 firms and a defense contractor. The scheme generated approximately $5 million in revenue for overseas IT workers, while incurring over $3 million in legal fees, computer network remediation costs, and other associated damages and losses.
Zhenxing Wang and Kejia Wang were reported to have assisted overseas IT workers in this scheme, alongside four other unidentified U.S. facilitators. They allegedly facilitated remote access to computers without authorization from American companies after acquiring laptops for the workers.
In addition, these facilitators established accounts at U.S. financial institutions and online money transfer services to gather funds from victimized U.S. companies. Much of this revenue was subsequently funneled to overseas co-conspirators. In exchange for their services, Kejia Wang, Zhenxing Wang, and the other U.S. facilitators are alleged to have collected at least $696,000 in fees.
In October 2024, authorities executed searches at seven locations across New York, New Jersey, and California. They conducted interviews at what were termed “laptop farms” and recovered over 70 devices belonging to victim companies. Furthermore, they seized 21 fraudulent web domains that were being used to facilitate North Korean IT work and 29 financial accounts containing tens of thousands of dollars, which were identified as having been used to launder revenue for the North Korean government via remote IT work.
Leah Foley emphasized the ongoing threat posed by North Korean operatives in her statement. She highlighted that thousands of cyber operatives trained and deployed by the regime infiltrate the global digital workforce, systematically targeting U.S. companies.
Foley asserted, “We will continue to work relentlessly to protect U.S. businesses and ensure they are not inadvertently fueling the DPRK’s unlawful and dangerous ambitions.”
The charges against those indicted include conspiracy to commit mail and wire fraud, conspiracy to commit money laundering, and conspiracy to violate the International Emergency Economic Powers Act (IEEPA), each of which carries a potential penalty of up to 20 years in prison. The charge of conspiracy to cause damage to a protected computer could result in a maximum sentence of 15 years, while the conspiracy to commit identity theft charge carries a potential sentence of five years. All charges also entail possible fines of $250,000.
image source from:masslive
