DOJ Disrupts North Korea's Cyber-Funded Weapons Network

Generated by AI Agent Coin World. Reviewed by AInvest News Editorial Team.
Sunday, Nov 16, 2025 9:08 am ET
Summary

- U.S. DOJ disrupts North Korean cybercrime network infiltrating 136 U.S. firms via fake IT workers, generating $2.2 million in illicit revenue for Pyongyang's weapons programs.

- Five individuals, including U.S. citizens and a Ukrainian national, pleaded guilty to enabling APT38's operations through stolen identities and proxy computers hosted in U.S. residences.

- DOJ seized $15 million in USDT linked to 2023 crypto heists by APT38, which has stolen over $2 billion globally in 2025 alone, according to Elliptic analysis.

- The crackdown targets intermediaries like identity sellers and cryptocurrency launderers, reflecting a strategic shift toward dismantling North Korea's illicit funding infrastructure through international collaboration.

The U.S. Department of Justice (DOJ) has unveiled a sweeping crackdown on a North Korean cybercrime scheme that infiltrated 136 U.S. companies through fraudulent remote IT worker operations, netting the regime $2.2 million in illicit revenue. The operation, orchestrated by North Korean operatives posing as U.S.-based tech professionals using stolen identities, has been linked to the APT38 hacking group, which is known for large-scale cryptocurrency heists. The DOJ's actions include the guilty pleas of five individuals (four U.S. citizens and one Ukrainian national) and the seizure of $15 million in USDT.

The scheme involved North Korean IT workers using falsified identities, fake Social Security numbers, and proxy computers hosted in U.S. residences to secure remote positions at American companies. Facilitators, including U.S. Army veteran Alexander Paul Travis and Ukrainian national Oleksandr Didenko, provided stolen identities and hosted company-issued laptops, enabling the operatives to bypass hiring vetting processes. Didenko, who sold U.S. citizens' identities to North Koreans, agreed to forfeit $1.4 million as part of his plea deal.

The DOJ described the operation as a critical revenue stream for North Korea's sanctioned weapons programs, with individual IT workers earning up to $300,000 annually.

The DOJ's parallel action targeting cryptocurrency thefts by APT38 has resulted in the seizure of $15 million in USDT from 2023 heists against crypto platforms in Estonia, Panama, and the Seychelles. These funds were laundered through mixers and over-the-counter brokers before being frozen by U.S. authorities. The APT38 group, a North Korean military hacking unit, has stolen over $2 billion in cryptocurrency globally in 2025 alone, according to Elliptic analysis.

U.S. Attorney Jason A. Reding Quiñones emphasized the government's resolve to disrupt North Korea's funding mechanisms, stating, "We will not permit [North Korea] to bankroll its weapons programs by preying on American companies and workers." Assistant Attorney General John A. Eisenberg added that the DOJ is targeting not just hackers but the intermediaries enabling global crypto-enabled crime. The DOJ has also established the Scam Center Strike Force to combat broader Asian cyber-fraud networks, reflecting a coordinated international effort.

The crackdown follows warnings from U.S. and U.K. agencies about the growing threat of North Korean cyber operations. In October, the two nations jointly sanctioned crime syndicates in Cambodia and Laos linked to crypto laundering. The DOJ's actions highlight a strategic shift toward dismantling the infrastructure supporting illicit revenue streams, with further arrests and cross-border operations expected.