DPRK IT Worker Network (Overseas Scheme)

2017-04-01

Yanbian Silverstar and Volasys Silver Star begin operating; DPRK IT workers placed in U.S. companies under false identities (approximate start date per DOJ indictment).

2018-04-01

Second cohort of DPRK IT workers (Jin Sung-Il, Pak Jin-Song network) begins placing workers at U.S. companies under stolen U.S. passport identities (approximate start date per DOJ indictment).

2022-05-16

OFAC publishes advisory on North Korea IT Workers; first U.S. government public warning to the private sector.

2023-04-01

Sim Hyon Sop indicted for conspiring with DPRK IT workers to generate revenue and with OTC crypto traders to launder funds; $7.74 million restrained by U.S. government.

2024-03-01

DOJ launches DPRK RevGen: Domestic Enabler Initiative under National Security Division and FBI Cyber and Counterintelligence Divisions, specifically targeting U.S.-based laptop farm operators.

2024-08-01

DOJ arrests Nashville-based facilitator Matthew Isaac Knoot; disrupts North Korean remote IT worker fraud schemes. Seizures of related financial accounts.

2024-10-01

Google/Mandiant documents sharp increase in extortion attempts by DPRK IT workers, coinciding with increased law enforcement pressure. Workers begin targeting larger organizations.

2024-12-11

DOJ indicts 14 North Korean nationals (including Yanbian Silverstar CEO Jong Song Hwa, Kim Ryu Song, Ri Kyong Sik) for $88 million IT worker fraud scheme over six years. State Department simultaneously offers $5 million Rewards for Justice bounty on the companies.

2025-01-21

DOJ indicts North Korean nationals Jin Sung-Il and Pak Jin-Song plus three facilitators for placing workers at 64 U.S. companies between 2018 and 2024, generating at least $866,255 in illicit revenue laundered through a Chinese bank account.

2025-01-23

FBI IC3 issues public service announcement warning companies of data extortion by North Korean IT workers leveraging unauthorized corporate network access.

2025-06-10

DOJ announces coordinated nationwide enforcement: two new indictments, one information with plea, arrest of Zhenxing Wang in New Jersey. FBI executes searches of 21 premises across 14 states hosting laptop farms (June 10–17). Seizure of 29 financial accounts and 21 fraudulent websites.

2025-06-05

DOJ files civil forfeiture complaint against $7.74 million in cryptocurrency tied to Sim Hyon Sop's laundering network.

2025-08-04

CrowdStrike reports North Korean IT worker infiltration attempts grew 220% year-over-year; AI is weaponized at every stage of the hiring process including deepfakes and synthetic identity generation.

2025-08-27

OFAC designates Russian national Vitaliy Sergeyevich Andreyev, Shenyang Geumpungri Network Technology Co. (China), and Korea Sinjin Trading Corporation (DPRK) for facilitating payments to Chinyong IT worker network.

2026-03-12

OFAC designates six individuals and two entities (Amnokgang Technology Development Company; Quangvietdnbg International Services Company Limited) for roles in generating approximately $800 million in 2024 for DPRK weapons programs. Twenty-one cryptocurrency addresses across Ethereum, Tron, and Bitcoin identified.

2026-04-16

Kejia Wang sentenced to 108 months in prison and Zhenxing Wang sentenced to 92 months in prison for operating laptop farms for DPRK IT workers, generating more than $5 million for the regime using stolen identities of 80+ U.S. citizens.

2026-05-14

CrowdStrike reports DPRK-linked cyber groups stole a combined $2.02 billion in 2025 (up 51% year-over-year); financial services identified as an escalating target sector.