A Maryland man has pleaded guilty to fraud after landing a job with a contractor working on US government software, and then outsourcing the work to a self-described North Korean developer in China.

Minh Phuong Ngoc Vong is a Vietnamese-born naturalized US citizen. He recently [1]pleaded guilty conspiracy to commit wire fraud for his role in a multi-year scheme that defraud US companies into hiring him as a remote software developer, while the actual work was carried out by individuals overseas. He was [2]indicted in May 2024.

According to prosecutors, Vong conspired with a foreign national living in Shenyang, China, who described himself in online communications as a North Korean software developer. In January 2023, the overseas coder used Vong's identity to submit a bogus resume to a Virginia-based technology company seeking a full-stack web developer. The resume falsely claimed Vong held a bachelor's degree and had 16 years of experience - qualifications Vong did not possess. In reality, he worked at a nail salon in Bowie, Maryland.

[3]

Vong participated in multiple job interviews to land the position, then got assigned to work on a contract for the Federal Aviation Administration. The DoJ describes the contract as "part of a national defense program to develop software used by various other government entities that would allow them to coordinate aviation assets effectively."

[4]

[5]

To enable the overseas developer to work on the project, Vong installed remote access software on a company-issued laptop, allowing access from China while masking the user's location. The self-described North Korean then used that access to perform software development work related to the FAA contract between March and July 2023, the DoJ alleged.

But that wasn't the only job Vong farmed out. As part of his guilty plea, he admitted to similar frauds targeting at least 13 US companies between 2021 and 2024, several of which also contracted his services to federal agencies.

[6]How to spot a North Korean agent before they get comfy inside payroll

[7]The one interview question that will protect you from North Korean fake workers

[8]North Koreans clone open source projects to plant backdoors, steal credentials

[9]'How not to hire a North Korean plant posing as a techie' guide updated by US and South Korean authorities

"As a result of Vong's fraudulent misrepresentations, these government agencies unknowingly granted Vong's co-conspirators access to sensitive US government systems, which they accessed from China," the DoJ said. The scheme reportedly netted Vong more than $970,000 in salary for work he didn't do.

It's not the first time North Korean workers have posed as domestic US IT professionals, with various scams reportedly funneling [10]tens of millions of dollars back to Pyongyang.

[11]

Europe is [12]increasingly being targeted as well, and Japanese citizens have been [13]caught allegedly assisting North Korean workers by helping them pose as domestic hires. In many cases, foreign workers rely on local enablers to receive and set up company-issued laptops, which are then connected to so-called " [14]laptop farms ." This obscures their actual location and allows them to appear as if they're working from within the target country.

It's not clear whether Vong's motive was financial gain or espionage - we've asked the FBI, but they declined to comment. Either way, he's due to be sentenced in August, and faces up to 20 years in prison. ®

Get our [15]Tech Resources



[1] https://www.justice.gov/opa/pr/maryland-man-pleads-guilty-conspiracy-commit-wire-fraud

[2] https://www.justice.gov/usao-md/pr/criminal-complaint-charges-two-men-conspiracy-commit-wire-fraud

[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2aBKdfh3ezlDjyunEIgh3nwAAABE&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0

[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aBKdfh3ezlDjyunEIgh3nwAAABE&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0

[5] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aBKdfh3ezlDjyunEIgh3nwAAABE&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0

[6] https://www.theregister.com/2024/09/24/mandiant_north_korea_workers/

[7] https://www.theregister.com/2025/04/29/north_korea_worker_interview_questions/

[8] https://www.theregister.com/2025/01/29/lazarus_groups_supply_chain_attack/

[9] https://www.theregister.com/2023/10/19/north_korea_fake_freelance_avoidance/

[10] https://www.theregister.com/2024/12/13/doj_dpkr_fake_tech_worker_indictment/

[11] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aBKdfh3ezlDjyunEIgh3nwAAABE&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0

[12] https://www.theregister.com/2025/04/02/north_korean_fake_techies_target_europe/

[13] https://www.theregister.com/2024/03/28/japan_nk_arrests/

[14] https://www.theregister.com/2024/07/24/knowbe4_north_korean/

[15] https://whitepapers.theregister.com/