TAIPEI (Taiwan News) — The US Department of Justice has indicted six Chinese nationals, two Taiwanese citizens, and one American for allegedly helping North Korean IT workers infiltrate over 100 US companies, generating millions to fund the regime’s weapons programs.

The DOJ uncovered a North Korean government scheme in which tech workers stole American identities to obtain remote IT positions at US firms, per CNA. This operation netted at least US$5 million (NT$140 million) in revenue.

The DOJ said the US District Court in Boston, Massachusetts, indicted Taiwanese nationals Liu Meng-ting (劉孟婷) and Liu En-chia (劉恩), along with seven others. Financial accounts, websites, and laptops used in the scam have also been seized.

The victims include Fortune 500 companies, as well as a California-based defense contractor. These firms were misled into believing the workers they hired were based in the US, when in fact most were located in North Korea or China, with their salaries funneled into accounts tied to Pyongyang.

Assistant Attorney General John Eisenberg of the DOJ’s National Security Division said, “These schemes target and steal from US companies and are designed to evade sanctions and fund the North Korean regime’s illicit programs, including its weapons programs." Eisenberg said his department, along with domestic and international partners, will continue to pursue and dismantle these cyber-related revenue-generating networks. 

The defendants are accused of setting up financial accounts to receive the proceeds and creating fake websites for shell companies to make the IT workers appear to be part of legitimate businesses. They were also assisted by unnamed individuals based in the US, who helped facilitate remote access to computer systems, deceiving companies into thinking the logins were coming from within the US.

In October 2024, law enforcement searched seven locations across New York, New Jersey, and California. They interviewed individuals at “laptop farms,” locations used to house computers from US companies for the fraud operation, and seized more than 70 devices belonging to victim firms.

Authorities also seized 21 fraudulent websites used in the scheme to support North Korean IT operations. They also froze 29 financial accounts containing tens of thousands of dollars allegedly used to launder money through remote IT work for North Korea.