North Korean Hackers Exploit Laptops to Defraud US Tech Giants


“North Korean hackers infiltrated US tech firms using stolen identities and laptop farms, funneling millions to fund Pyongyang’s weapons programs. By posing as remote IT workers, they accessed sensitive data and extorted companies, exploiting remote work vulnerabilities. Recent crackdowns by the US Justice Department have targeted these schemes, seizing laptops and indicting operatives.”

North Korean Cyber Operatives Deceive US Tech Firms with Laptop Scams

In a sophisticated cyber scheme, North Korean hackers have been infiltrating major US tech companies by posing as remote IT workers, leveraging stolen identities and “laptop farms” to siphon millions of dollars to Pyongyang. According to cybersecurity experts, these operatives have targeted Fortune 500 firms, exploiting the surge in remote work post-Covid-19 to bypass hiring safeguards. The US Justice Department’s recent actions, including indictments and seizures, have exposed the scale of this fraud, which not only funds North Korea’s weapons programs but also poses severe risks of data theft and extortion.

The scam begins with North Korean operatives crafting convincing fake identities, often using stolen personal information such as Social Security numbers and addresses of US citizens. These identities are used to create professional LinkedIn profiles and résumés, enhanced by AI tools to pass video interviews. Once hired, the operatives request work laptops to be shipped to US-based addresses, which are often “laptop farms” operated by American accomplices. These farms, hosting dozens of devices, allow hackers to remotely access company systems via VPNs from locations in North Korea or China, making it appear as though they are working from the US.


A notable case involved Christina Chapman, an American who pleaded guilty in February 2025 to aiding North Korean operatives over three years. Her scheme facilitated jobs at over 300 US companies, generating $17 million for Pyongyang. The operatives often juggled multiple remote jobs to maximize earnings, with some even planting malware to extort companies after being fired. For instance, cybersecurity firm KnowBe4 hired a fake IT worker in July 2024, who immediately loaded malware onto a company laptop, though robust controls prevented data loss.

The US Justice Department’s crackdown in July 2025 targeted 29 laptop farms across 16 states, seizing 137 laptops and 29 financial accounts. Indictments were issued against individuals like Zhenxing “Danny” Wang, accused of running fake software firms to launder $5 million. Another scheme saw North Korean workers steal over $900,000 in cryptocurrency from an Atlanta-based blockchain firm, highlighting the dual threat of financial fraud and data theft.

Cybersecurity firms like CrowdStrike and Microsoft have reported a surge in such incidents, with North Korean groups like “Famous Chollima” and “Nickel Tapestry” orchestrating these operations. The hackers, often trained at elite institutions like Kim Chaek University, are highly skilled and use AI to create convincing deepfakes and profiles. In one case, a crypto startup founder, Harrison Leggio, reported that 95% of his job applications came from North Korean operatives, prompting him to use a unique screening method: asking candidates to criticize Kim Jong Un, which often exposed the fraud.

The FBI has warned that these operatives are escalating tactics, including data extortion, with some stealing sensitive code from platforms like GitHub or planting ransomware. A California-based defense contractor was breached, with ITAR-controlled data accessed, underscoring national security risks. Experts urge companies to strengthen hiring processes with in-person onboarding, enhanced identity verification, and continuous network monitoring to detect suspicious activity.
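One way to turn the monitoring advice above into a concrete check, as an added example that is not from the article or any vendor it cites: group laptop ship-to addresses and device check-in egress IPs by employee and flag any that are shared by several supposedly unrelated hires, the footprint a laptop farm leaves. The record layouts, field order, threshold and all sample data are assumptions constructed for illustration.

```python
from collections import defaultdict
import re

# Constructed sample data (not from any real incident).
SHIPMENTS = [  # (employee, laptop ship-to address)
    ("a.lee", "12 Oak St., Apt 4, Springfield"),
    ("b.kim", "12 oak street apt 4 springfield"),
    ("c.park", "12 Oak St Apt. 4 Springfield"),
    ("d.ross", "98 Pine Ave, Portland"),
]
CHECKINS = [  # (device_id, employee, public egress IP seen by the management server)
    ("LT-001", "a.lee", "203.0.113.7"),
    ("LT-002", "b.kim", "203.0.113.7"),
    ("LT-003", "c.park", "203.0.113.7"),
    ("LT-004", "d.ross", "198.51.100.20"),
    ("LT-001", "a.lee", "203.0.113.7"),  # repeat check-in, must not double count
]

def normalize_address(addr):
    """Lower-case, strip punctuation and fold common abbreviations."""
    words = re.sub(r"[^a-z0-9 ]", " ", addr.lower()).split()
    fold = {"street": "st", "avenue": "ave", "apartment": "apt"}
    return " ".join(fold.get(w, w) for w in words)

def cluster(pairs, min_users):
    """Group (key, employee) pairs; keep keys shared by >= min_users employees."""
    groups = defaultdict(set)
    for key, employee in pairs:
        groups[key].add(employee)
    return {k: sorted(v) for k, v in groups.items() if len(v) >= min_users}

def find_farm_candidates(shipments, checkins, min_users=3):
    """Return address clusters, egress-IP clusters, and employees in both."""
    by_addr = cluster(((normalize_address(a), e) for e, a in shipments), min_users)
    by_ip = cluster(((ip, e) for _, e, ip in checkins), min_users)
    # Employees who appear in both kinds of cluster are the first to review.
    addr_users = {e for users in by_addr.values() for e in users}
    ip_users = {e for users in by_ip.values() for e in users}
    return {"by_address": by_addr, "by_ip": by_ip,
            "both": sorted(addr_users & ip_users)}

if __name__ == "__main__":
    for name, value in find_farm_candidates(SHIPMENTS, CHECKINS).items():
        print(name, value)
```

Known corporate egress points (office NAT, the company's own VPN concentrators) should be excluded before clustering, since they legitimately carry many employees.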


Despite law enforcement efforts, the schemes remain widespread, with thousands of fake personas active. Microsoft banned 3,000 accounts linked to these operatives, and SentinelOne reported receiving 1,000 fraudulent job applications in a single month. The challenge lies in the operatives’ adaptability, using AI and global facilitators in countries like China and Russia to evade detection. As remote work continues to dominate, experts warn that this cyber threat will persist, demanding vigilance from both companies and authorities.

Disclaimer: This article is based on reports from reputable sources, including cybersecurity firms, the US Justice Department, and news outlets like POLITICO, WIRED, and Reuters. Information is accurate as of July 7, 2025, but may evolve with ongoing investigations. Readers are advised to verify details through official channels and consult cybersecurity experts for protective measures.
