A man residing in Maryland was sentenced to prison this week for helping North Korean IT workers infiltrate American companies.
The situation is part of a broader phenomenon in 2025, where insider access and increasing cryptocurrency theft are becoming key features of North Korea's cyber strategy.
U.S. jobs opened to North Koreans
The Ministry of Justice announced on Thursday the sentencing of Minh Phuong Ngoc Vong for conspiracy to commit fraud. Prosecutors showed that Vong used fake credentials to secure remote software development jobs at 13 American companies for North Korean citizens.
According to public documents, Vong allowed a foreign operator to use his login credentials, devices, and identification to work remotely. The operator, who worked from China, is believed to be North Korean.
One job posed a particular risk when a Virginia technology company hired Vong to work on a contract with the Federal Aviation Administration in 2023.
The task required U.S. citizenship and included a government-issued personal identification card. Vong installed remote access tools on the company's laptop, allowing a North Korean man to perform work from abroad unnoticed.
The company paid Vong over $28,000, and he sent part of these earnings to his foreign partners. Court documents show that he collected over $970,000 from all the companies, with most of the work performed by North Korea-linked operators. Several companies also subcontracted him out to U.S. government agencies, further expanding exposure.
Vong was sentenced to 15 months in federal prison, followed by three years of supervised release.
The case comes as North Korea intensifies its cyber operations globally.
Record year for North Korean hackers
In October, blockchain analytics firm Elliptic reported that North Korea-linked hackers had stolen over $2 billion in cryptocurrency in 2025. This figure is the largest annual amount ever recorded.
The regime's total haul now exceeds $6 billion. These revenues are widely believed to support nuclear and missile development.
The year's rise was due to several major incidents, including the $1.46 billion Bybit breach and attacks on LND.fi, WOO X, and Seedify. Analysts have also linked over 30 other hacking incidents to North Korea-related groups.
Most of the breaches in 2025 relied on social engineering rather than technical flaws. Hackers used identity spoofing, phishing, and fake support contacts to gain access to wallets. This trend highlights an increasing focus on human weaknesses rather than code vulnerabilities.
These trends indicate a coordinated approach in which North Korea combines insider infiltration with advanced cryptocurrency theft to expand both its revenues and operational activities.


