Operation designation: Department 53, Democratic People's Republic of Korea. Active since approximately 2018 at present scale; doctrinal origin traced to ascent of Kim Jong Un, c. 2011. Personnel growth recorded by ROK National Intelligence Service: 6,800 (2022) -> 8,400 (2024). Annual collective revenue per U.S. Treasury: 500M USD+; per-operator ceiling 300K USD/year via simultaneous concurrent placements.

Six-stage mechanic: (1) identity fabrication via dark-web SSN/PII harvest; (2) application via remote-only software roles, frequently via staffing agencies; (3) video interview with pre-rehearsed responses or face-substitution overlay; (4) employer-issued device shipment to U.S. address controlled by facilitator; (5) operation of laptop farm with persistent remote desktop access from China/DPRK; (6) optional secondary harvest of credentials/IP.

Christina Marie Chapman, Arizona, sentenced July 2025: 102 months federal. Three-year laptop-farm operation. 300+ U.S. companies touched. 17M USD funneled. Identity compromise of 60+ Americans. Kejia Wang and Zhenxing Wang (no relation), New Jersey, sentenced April 2026: 9 years and 7.5 years respectively. 100+ companies including Fortune 500 and one unnamed defense contractor. 5M USD generated; 700K USD facilitator fees.

Defensive posture: no encryption, segmentation, or perimeter control closes this attack. The decision to hire is the breach. The defensive surface is human resources. Casefile remains open; nine additional indicted facilitators remain at large; State Department reward of 5M USD outstanding.