DOJ Shuts Down North Korea’s Cyber-Backed Weapons Financing Network
- U.S. DOJ disrupts North Korean cybercrime network infiltrating 136 U.S. firms via fake IT workers, generating $2.2 million in illicit revenue for Pyongyang's weapons programs.
- Five individuals, including U.S. citizens and a Ukrainian national, pleaded guilty to enabling APT38's operations through stolen identities and proxy computers hosted in U.S. residences.
- DOJ seized $15 million in USDT linked to 2023 crypto heists by APT38, which has stolen over $2 billion globally in 2025 alone, according to El
The U.S. Department of Justice (DOJ) has announced a major enforcement action against a North Korean cybercrime network that infiltrated 136 American businesses by posing as remote IT workers, generating $2.2 million in illegal profits for the regime. This scheme, run by North Korean agents pretending to be U.S.-based technology professionals with stolen identities, has been traced to the APT38 hacking group, notorious for its large-scale cryptocurrency thefts. The DOJ’s efforts have resulted in guilty pleas from five people—four Americans and one Ukrainian—and the confiscation of $15 million in
The operation saw North Korean IT operatives using fake identities, counterfeit Social Security numbers, and U.S.-based proxy computers to land remote jobs at American firms. Facilitators such as U.S. Army veteran Alexander Paul Travis and Ukrainian Oleksandr Didenko supplied stolen identities and managed company laptops, helping the operatives evade employment screening. Didenko, who sold U.S. identities to North Korean actors, has agreed to surrender $1.4 million as part of his plea agreement.
In a related move, the DOJ targeted APT38’s cryptocurrency thefts, seizing $15 million in USDT from 2023 attacks on crypto platforms in Estonia, Panama, and the Seychelles. These assets were funneled through mixers and over-the-counter brokers before being frozen by U.S. officials. APT38, a North Korean military cyber unit,
U.S. Attorney Jason A. Reding Quiñones stressed the government’s determination to cut off North Korea’s financial lifelines, declaring, “We will not allow [North Korea] to fund its weapons programs by exploiting American businesses and workers.” Assistant Attorney General John A. Eisenberg noted that the DOJ is pursuing not only hackers but also the intermediaries who facilitate global crypto-related crimes. The DOJ has also launched the Scam Center Strike Force to address broader Asian cyber-fraud rings, signaling a unified international response.
This enforcement action comes after U.S. and U.K. authorities warned of the escalating threat from North Korean cyber activities. In October, both countries imposed sanctions on criminal groups in Cambodia and Laos involved in crypto laundering. The DOJ’s measures reflect a new focus on dismantling the systems that enable illicit funding, with more arrests and international operations anticipated.