Posing as American tech workers, they infiltrated U.S. companies while operating from North Korea.

The U.S. Department of Justice (DoJ) announced on June 30, 2025, the results of “Operation DPRK RevGen,” a major law enforcement effort that led to the dismantling of a covert network of North Korean IT workers. Using stolen or forged American identities, these individuals were hired in remote roles by more than 100 U.S.-based companies — including several Fortune 500 firms — all while secretly operating from within North Korea.

To conceal their true locations, the network established physical computer “farms” in 16 U.S. states, linked to American telecom providers. This setup gave the illusion that the workers were based in the U.S., and helped launder their salaries, which were then funneled back to fund the Pyongyang regime.

The workers held positions as developers and software engineers across industries including blockchain, aerospace, television, and automotive. According to the DoJ, they used these roles not only to access sensitive information, including proprietary source code, but also to facilitate cyber-espionage and cryptocurrency theft.

As part of the operation, authorities seized 200 computers, over 30 bank accounts, and around 20 websites. The DoJ unsealed multiple indictments targeting North Korean operatives and their collaborators in the United States, the United Arab Emirates, China, and Taiwan. To date, only one arrest has been made — an American citizen residing in New Jersey.
