DoJ Raids 29 Laptop Farms in North Korean IT Worker Scheme
Laptop farms are a term for people who help the North Koreans pose as IT workers in order to hack US firms. The way it works is that the North Koreans hire someone to front as the host for laptops that a company ships to the remote worker. The front person plugs it in and connects it to the Internet and installs remote control software on it so that they can run it from someplace else such as North Korea. Once this is done, they are now inside a company’s network, with credentials, often with elevated permissions.
The action involved 3 indictments, one (and only one) arrest, the seizure of 29 bank accounts (presumably one for each laptop farm) and the shutdown of 21 web sites.
FBI officials said the laptop farms allowed an undisclosed number of North Koreans to illegally work at more than 100 U.S. companies.
The FBI said it conducted searches at eight locations in October 2024 across three states that led to the discovery of more than 70 laptops and remote access devices.
The FBI conducted 21 more searches in June across 14 states. The locations were not disclosed but FBI offices in Colorado, Missouri and Texas were involved. About 137 laptops were seized as part of the searches.
The DoJ did not explain why there were not more arrests, but the scheme intentionally only requires one caretaker per farm – the rest of the people are remote, likely in unfriendly countries.
In at least one case, North Korean IT workers gained access to “sensitive employer data and source code, including International Traffic in Arms Regulations (ITAR) data,” after they were hired by a California-based defense contractor that develops artificial intelligence-powered equipment and technologies.
In this case it is possible that the employer could face fines and even charges for not protecting sensitive data.
This is only the tip of the iceberg and it is one way North Korea funds the country in the face of crippling sanctions.
This problem is very real and, especially with AI, very hard to detect. If you need help protecting yourself, please contact us.
Credit: The Record