Two U.S. Nationals Sentenced to Federal Prison for Running North Korean IT Worker Fraud Ring

A New Jersey man received nine years in prison and a co-defendant received more than seven years for their roles in a scheme that used "laptop farms" to enable North Korean IT workers to pose as U.S. employees at more than 100 American companies, generating over $5 million for the DPRK government, the Justice Department announced.

U.S. District Court Judge Nathaniel M. Gorton sentenced Kejia Wang, 42, of Edison, New Jersey, to 108 months in prison and Zhenxing Wang, 39, of New Brunswick, New Jersey, to 92 months. Both were also ordered to serve three years of supervised release and to forfeit a total of $600,000. The government said it has already collected $400,000 of that amount. The court ordered Kejia Wang to pay $29,236.03 in restitution.

According to the DOJ, the defendants and their co-conspirators compromised the identities of more than 80 U.S. persons from approximately 2021 through October 2024 to obtain remote jobs at more than 100 companies, including Fortune 500 firms. The scheme caused victim companies to incur at least $3 million in legal fees, network remediation costs, and other damages, the department said.

"For years, the defendants enriched themselves by assisting North Korean actors in a fraudulent scheme to gain employment with U.S. companies," said Assistant Attorney General for National Security John A. Eisenberg. "The ruse placed North Korean IT workers on the payrolls of unwitting U.S. companies and in U.S. computer systems, thereby harming our national security."

Kejia Wang pleaded guilty in September 2025 in the District of Massachusetts to conspiracy to commit wire fraud, conspiracy to commit money laundering, and conspiracy to commit identity theft. Zhenxing Wang pleaded guilty in January 2026 to conspiracy to commit wire fraud and conspiracy to commit money laundering.

According to court documents, Kejia Wang traveled twice to Shenyang and Dandong, China, in 2023 to meet with overseas actors about the scheme, including a former classmate he knew was from North Korea. He then served as the U.S.-based manager, supervising at least five facilitators who collectively hosted hundreds of company laptops at their residences, the DOJ said. Zhenxing Wang was among the facilitators who received and hosted victim company laptops, enabling overseas IT workers to access them remotely through keyboard-video-mouse switches, according to the department.

The defendants created shell companies -- Hopana Tech LLC, Tony WKJ LLC, and Independent Lab LLC -- to make it appear the overseas workers were affiliated with legitimate U.S. businesses, according to the department. The companies had no employees or operations and existed only to receive and transfer funds from victimized employers. The defendants and the four other U.S. facilitators received nearly $700,000 for their roles, the DOJ said.

"By operating so-called 'laptop farms,' these defendants enabled overseas actors to infiltrate U.S. businesses, access sensitive data and undermine our economic and national security," said U.S. Attorney Leah B. Foley for the District of Massachusetts.

The DOJ said IT workers employed under the scheme also accessed sensitive employer data and source code, including International Traffic in Arms Regulations data from a California-based defense contractor developing AI-powered equipment. Between January and April 2024, an overseas co-conspirator accessed the contractor's laptop and files containing ITAR-controlled technical data without authorization, according to the department.

In October 2024, federal law enforcement executed searches at eight locations across three states, recovering more than 70 laptops and remote-access devices. In June 2025, the FBI and Defense Criminal Investigative Service seized 17 web domains used in the scheme and 29 financial accounts holding tens of thousands of dollars in laundered funds, the DOJ said.

Eight other defendants indicted in June 2025 remain at large. The State Department's Rewards for Justice program announced a reward of up to $5 million for information leading to disruption of financial mechanisms supporting the DPRK. The FBI Las Vegas Field Office, Defense Criminal Investigative Service, and Homeland Security Investigations investigated the cases.

"Today's announcement sends a clear message: U.S. nationals who facilitate DPRK IT worker schemes and funnel revenue to North Korea will face FBI investigation and potential prison time," said FBI Cyber Division Assistant Director Brett Leatherman.

The case is part of the DOJ's DPRK RevGen: Domestic Enabler Initiative, a joint effort between the National Security Division and FBI to target the DPRK's illicit revenue generation schemes. The department has announced sentencings of other DPRK IT worker facilitators in July and December 2025 and February and March 2026.