NEW WORLD TIMES
LIVE
RETURN TO MAINFRAME
CLASSIFICATION: CYBER WARFARETHREAT LEVEL 2DECRYPTED: 4/25/2026

China and North Korea Push Into Different Layers of U.S. Networks

VISUAL EVIDENCE
China and North Korea Push Into Different Layers of U.S. Networks

The warnings coming out of Washington over the past year point to two different routes into U.S. networks. One runs through telecommunications backbones and high-value systems. The other moves through job applications, payroll systems and crypto rails, turning ordinary companies into both access points and revenue streams.

The Infrastructure Breach


According to official enforcement actions and public victim notifications disclosed in August and September 2025, the PRC-linked Salt Typhoon campaign had infiltrated multiple telecommunications companies, stolen personal data tied to millions of Americans and triggered victim notifications in at least 80 countries. That followed a March 2025 Justice Department indictment against Chinese nationals tied to the PRC government and APT27, alleging years-long intrusions into U.S. technology firms, defense contractors, municipalities, universities and infrastructure linked to the Treasury Department. According to DOJ charging papers, some of the stolen data was later brokered for sale rather than simply held for intelligence use.

The Economic Infiltration


The North Korean track looked different, but no less embedded in civilian systems. In a June 2025 enforcement action, the Justice Department announced nationwide action against DPRK remote IT worker schemes, including searches of 29 suspected laptop farms across 16 states. Prosecutors said workers using false identities obtained jobs at more than 100 U.S. companies and, in some cases, reached export-controlled military technology. The same cases included the theft of more than $900,000 in virtual currency, tying employment fraud directly to illicit finance.

By March and April 2026, Treasury releases and Justice Department statements described a wider funnel. Authorities said DPRK-linked facilitators had converted about $2.5 million in illicit IT-worker earnings into cryptocurrency. In a related U.S.-facilitator scheme, authorities said at least 80 stolen identities were used to place workers at more than 100 American companies and generate more than $5 million for the regime.

A Durable Shift


The campaigns are not the same, and public enforcement actions have not described them as coordinated. But the cases do point to an emerging pattern across civilian infrastructure. Chinese-linked actors have been accused of seeking persistent access inside communications systems and other sensitive networks. North Korean operators, under sanctions pressure, have used remote work fraud and digital payments to raise money from inside the U.S. private sector while gaining another route into company systems.

That leaves a harder, still unsettled problem than any single indictment or takedown. The cases suggest civilian networks are increasingly being used in more than one way at once: as places to collect data, maintain access, move money and exploit false identities. Whether that amounts to a durable shift is still playing out across court filings, enforcement actions and the companies caught in the middle.