A Maryland man was sentenced to prison this week for helping an IT employee with ties to North Korea break into a U.S. company.
This incident fits into a broader pattern for 2025, with increased insider access and cryptocurrency theft becoming key features of North Korea’s cyber strategy.
US jobs open to North Koreans
The Department of Justice on Thursday announced the sentencing of Minh Phuong Ngoc Vuong, an American citizen convicted of conspiracy to commit wire fraud. Prosecutors have proven that Vong used false credentials to secure remote software development jobs for North Korean nationals at 13 U.S. companies.
Vong allowed foreign operators to use his login information, devices and identification documents to work remotely, according to public documents. The man was piloting the aircraft from China and is believed to be from North Korea.
When the Virginia technology company hired Vong on a Federal Aviation Administration contract in 2023, one job created special risks.
Maryland man convicted of wire fraud conspiracy https://t.co/avJWBhOWVi
— U.S. Department of Justice National Security Division (@DOJNatSec) December 4, 2025
The role required U.S. citizenship, and he was given a government-issued personal identification card. Vong installed a remote access tool on his company laptop. The move allowed the North Korean men to complete the work inconspicuously from abroad.
The company paid Mr. Vong more than $28,000, and he sent some of the proceeds to overseas partners. According to court filings, he collected more than $970,000 from all of his companies, much of the work done by operatives linked to North Korea. Several companies also subcontracted with him for U.S. government agencies, further expanding the exposure.
Mr. Vong was sentenced to 15 months in federal prison, followed by three years of supervised release.
The incident comes as North Korea intensifies its global cyber operations.
Record year of hacking by North Korea
In October, blockchain analysis firm Elliptic reported that North Korea-linked hackers stole more than $2 billion in cryptocurrencies in 2025. This figure is the highest annual total ever recorded.
The total amount belonging to the administration now exceeds $6 billion. It is widely believed that these proceeds support nuclear and missile development.
This year’s spike is due to several significant incidents, including the $1.46 billion Bybit breach and attacks on LND.fi, WOO X, and Seedify. Analysts have linked more than 30 other hacks to North Korean groups.
Most breaches in 2025 started with social engineering rather than technical flaws. Hackers used impersonation, phishing, and fabricated support contacts to gain access to wallets. This trend highlights the increasing focus on human vulnerabilities rather than code vulnerabilities.
Taken together, these trends suggest a coordinated approach by North Korea, combining insider infiltration and sophisticated crypto theft to expand both its revenue and the scale of its operations.
Discover more from Earlybirds Invest
Subscribe to get the latest posts sent to your email.
