Two US nationals jailed over scheme that generated $5 million for the North Korean regime

Two US nationals have been sentenced for their role in a scheme that placed North Korean IT workers inside American companies under false identities. Over several years, the operation used stolen identities from at least 80 US individuals and brought in more than $5 million for the North Korean government.

Kejia Wang was sentenced to 108 months in prison, and Zhenxing Wang to 92 months. Both pleaded guilty to wire fraud and money laundering charges, with Kejia Wang also pleading guilty to identity theft conspiracy.

Court documents show the activity ran from around 2021 through October 2024. During that time, the defendants and their co-conspirators secured remote jobs at more than 100 US companies, including large corporations, by using false identities. The affected companies reported at least $3 million in losses tied to legal fees, network remediation, and related damage.

Kejia Wang acted as a US-based manager for the operation. He traveled to China in 2023 to meet overseas contacts, including an associate he knew was from North Korea. He later supervised at least five US-based facilitators who hosted company-issued laptops in their homes.

Zhenxing Wang was among those facilitators. He and others received laptops from victim companies and set them up for remote access, allowing overseas workers to log in and operate them from abroad. This included the use of keyboard-video-mouse (KVM) switches, hardware that enables remote control while making activity appear to originate within the United States.

To support the operation, the defendants created shell companies to give the impression that the workers were tied to legitimate US businesses. These entities had no staff or business activity and were used to receive payments from employers.

“The financial accounts established by the two defendants for these shell companies ultimately received millions of dollars from victimized U.S. companies, much of which was subsequently transferred to overseas co-conspirators,” prosecutors said.

The defendants and other facilitators collected nearly $700,000 for their roles.

The operation also exposed sensitive corporate data. In one case, an overseas participant accessed systems belonging to a US-based defense contractor and obtained technical information, including data subject to export controls under the International Traffic in Arms Regulations. Authorities said the access took place over several weeks in early 2024 and involved company laptops and internal files.

“This case exposes a sophisticated scheme that exploited stolen American identities and US companies to generate millions of dollars for a hostile foreign regime. By operating so-called ‘laptop farms,’ these defendants enabled overseas actors to infiltrate US businesses, access sensitive data and undermine our economic and national security,” noted U.S. Attorney Leah B. Foley for the District of Massachusetts.

Law enforcement agencies have increased attention on these operations in recent years. Officials warn that hiring processes built for remote work can be exploited when identity checks rely on documents that can be forged or stolen.

The Justice Department has urged companies to strengthen hiring controls, verify worker identities, and monitor unusual login activity.
