Disguised employment infiltrated American companies, the main suspect was sentenced and involved sensitive government systems.
A 40-year-old man from Maryland, USA, Minh Phuong Ngoc Vong, was recently sentenced to 15 months in prison for assisting North Korean IT workers in infiltrating American companies, and he will be subject to 3 years of supervision. The Justice Department pointed out that between 2021 and 2024, Vong obtained software development jobs at least 13 American companies using a fake resume, earning over 970,000 dollars in total. The actual work was carried out by members suspected to be North Korean, located overseas, including an accomplice with the code name 'John Doe'.
Some companies even appointed Vong as a contractor for federal agencies, including the Federal Aviation Administration. Because Vong gave account access and permissions to overseas teams, North Korean members could remotely access sensitive government systems from within China.
The Department of Justice emphasizes that this case highlights the threat of North Korea infiltrating American companies through 'identity disguise'. Vong reached a plea agreement with the government in January this year.
North Korean infiltration model exposed, the U.S. is comprehensively cracking down on 'laptop farms' and overseas impersonation.
The U.S. pointed out that the Vong case is just a microcosm of North Korea's long-term infiltration operations. In recent years, the U.S. has uncovered multiple cases of North Korean engineers impersonating Americans and being employed remotely, some even infiltrating the financial and crypto industries. North Korea uses this to obtain corporate secrets, develop access backdoors, and even transport large amounts of foreign currency into the country.
The United States indicted 14 North Koreans at the end of 2024, revealing their use of foreign identities to operate long-term fraud and extortion schemes. In July 2025, American influencer Christina Chapman was sentenced to over 8 years for assisting in the theft of identities of 68 Americans, allowing foreign IT workers to be hired under false names by over 300 companies. Investigations showed that the related schemes brought North Korea approximately $17 million in revenue.
Further reading
North Korean hackers exploit fake identities to infiltrate American companies! A TikTok influencer surprisingly becomes an accomplice, sentenced to 8.5 years.
To counter such infiltration, the United States has promoted a nationwide action this year, dismantling multiple 'laptop farms'. North Korean IT workers rent American homes, connect local laptops to corporate networks, and then operate remotely from overseas, disguising their geographic location. The FBI pointed out that North Korea, by impersonating American citizens for employment, aims to transport 'millions of dollars' to the Pyongyang regime and emphasized that companies must enhance their alertness to remote hiring.
On-chain attacks continue to escalate, with the crypto industry becoming one of North Korea's main targets.
In addition to using employment channels to infiltrate companies, North Korea also continues to invade cryptocurrency companies and trading platforms through hacker organizations, becoming an important source of income. Blockchain analytics company Elliptic pointed out that North Korean hackers had stolen over $2 billion by 2025, with the total amount of stolen digital assets exceeding $6 billion in recent years, funds used for Pyongyang's nuclear and missile programs.
Historically targeted subjects include major exchanges like Bybit and Upbit, as well as multiple crypto companies. Some attack patterns echo North Korea's infiltration employment strategies: first obtaining internal information under false identities, followed by further system intrusions or wallet key theft.
With the exposure of the Vong case, the U.S. government once again warns companies to raise their review standards for remote engineers and applicants in the crypto industry. U.S. law enforcement emphasizes that the scale of North Korean infiltration is huge and continues to expand. If companies do not strengthen cybersecurity and identity verification, they risk becoming the next target for exploitation.
Further reading
The United States has targeted North Korean hacker APT38! Successfully recovered 15 million USDT, all five co-conspirators pleaded guilty.
As AI becomes smarter, hackers become more dangerous! North Korean hackers keep up with the times, using ChatGPT to forge identities.
Taiwanese set up a laptop farm! Helped North Korean hackers defraud $5 million, and additionally stole $900,000 in assets.
This content has been compiled by Crypto Agent from various sources, reviewed and edited by (Crypto City). It is still in the training phase, and there may be logical biases or information inaccuracies. The content is for reference only and should not be considered investment advice.
'North Korean engineers infiltrate American companies through fake job applications! Involved in a data security storm, the main suspect sentenced to 15 months.' This article was originally published in 'Crypto City'.