The U.S. Department of Justice (DOJ) and FBI have announced a coordinated crackdown on a North Korean scheme involving operatives posing as American remote IT workers to infiltrate over 100 U.S. companies, including Fortune 500 firms and defense contractors. From 2021 to 2024, North Korean actors used stolen identities of more than 80 Americans and operated approximately 29 "laptop farms" across 16 states to secure lucrative remote jobs. The scheme generated around $5 million in revenue, which was funneled to North Korea's government to support its weapons programs.

Authorities arrested a U.S. national in New Jersey who allegedly hosted one such laptop farm. The DOJ charged four North Korean nationals with wire fraud, money laundering, and theft of nearly $1 million in cryptocurrency from an Atlanta-based blockchain startup. The operatives employed sophisticated techniques, including AI-generated fake documents and voices, to gain trust and access. They also deployed novel macOS malware, dubbed "NimDoor," disguised as Zoom updates, to target crypto firms and steal sensitive data.

The U.S. Treasury Department has sanctioned key individuals involved in the scheme, including North Korean cyber actor Song Kum Hyok, and several Russian nationals and companies linked to the operation. The sanctions aim to disrupt the illicit revenue streams funding North Korea's nuclear and weapons development. The operation also involved infiltration attempts into U.S. crypto startups, where malicious code was embedded to facilitate crypto theft and laundering. The DOJ and law enforcement agencies seized over 200 devices, froze 29 bank accounts, and took down 21 fake websites connected to the scheme.
N. Korean Hackers Used Job Lures, Cloud Account Access, and Malware to Steal Millions in Crypto: https://t.co/sfIh3gNN6f by The Hacker News
North Korea’s UNC4899 hacked two firms via LinkedIn and Telegram job lures—tricking devs into running malicious Docker containers. They breached Google Cloud & AWS, stole creds, bypassed MFA, injected wallet-hijacking JavaScript—and stole millions in crypto. Details here → https://t.co/5vJ6YFf9lk
U.S. Sanctions Firm Behind N. Korean IT Scheme; Arizona Woman Jailed for Running Laptop Farm https://t.co/IftEbiYSMc