A man residing in Maryland, USA, has been sentenced for helping North Korean-linked IT workers infiltrate American companies.

This incident has become a key feature of North Korea's cyber strategy in 2025, characterized by increasing internal access and cryptocurrency theft.

American jobs open to North Koreans

The U.S. Department of Justice announced the sentencing of U.S. citizen Minh Phuong Ngoc Vong, who was convicted on Thursday of conspiracy to commit wire fraud. Prosecutors demonstrated that he secured remote software development jobs for North Korean nationals at 13 American companies using false credentials.

According to public documents, Vong allowed foreign operators to work remotely using his login, equipment, and identification. This man has been revealed to be operating from China and is presumed to be from North Korea.

Particularly concerning was the job where a Virginia tech company hired Vong to undertake a project for the Federal Aviation Administration in 2023.

This position required U.S. citizenship and was issued a government-issued personal identity verification card. Vong installed remote access tools on company laptops. This measure allowed North Koreans to complete work unnoticed abroad.

The company paid Vong over $28,000, and he remitted some of that income to overseas partners. Court records indicate he collected over $970,000 from all companies, with most of the work being done through staff linked to North Korea. Some companies also entered into cooperation contracts with U.S. government agencies, further expanding the exposure.

Vong was sentenced to 15 months in federal prison and is now under supervision for 3 years.

This incident occurred as North Korea intensified its global cyber operations.

The highest point of North Korean hacking history

In October, blockchain analytics firm Elliptic reported that hackers linked to North Korea stole over $2 billion in cryptocurrency in 2025. This marked an all-time high for annual totals.

So far, the total attributed to this regime exceeds $6 billion. These revenues are widely known to support nuclear weapons and missile development.

This year's surge was attributed to several major incidents, including the Bybit breach totaling $1.46 billion and attacks on LND.fi, WOO X, and Seedify. Analysts also connected over 30 hacks linked to North Korean groups.

Most breaches in 2025 began with social engineering rather than technical flaws. Hackers used impersonation, phishing, and fabricated support contacts to gain access to wallets. This trend indicates an increased focus on human weaknesses over code vulnerabilities.

This trend suggests that North Korea is employing a coordinated approach to expand its income and operational scope by combining internal infiltration with advanced cryptocurrency theft.