Two US Nationals Sentenced for Running Fake IT Worker Network for North Korea

A federal court in New Jersey has handed down prison sentences to two American citizens for orchestrating a sophisticated North Korean IT worker scam that funneled millions of dollars to the Pyongyang regime. The scheme, which spanned several years, involved stolen identities and remote laptop farms, ultimately defrauding over 100 US companies — including several Fortune 500 firms.

On April 15, the US Justice Department announced that Kejia Wang, 42, and Zhenxing Wang, 39, were sentenced to 108 months and 92 months in prison, respectively. Both had pleaded guilty to conspiracy to commit wire fraud and money laundering; Zhenxing Wang also admitted to identity theft.

How the North Korean IT Worker Scam Operated

The fake IT worker scheme relied on a network of stolen identities — at least 80 American citizens — to apply for remote tech jobs at US companies. The perpetrators then set up laptop farms at their homes in New Jersey, where they received company-issued computers intended for legitimate remote workers.

Once the laptops were in hand, the duo provided North Korean IT workers with remote access, allowing them to pose as American employees. This gave the DPRK government access to sensitive data and source code from military contractors and AI firms, generating over $5 million in illicit revenue.

The Role of Shell Companies

To conceal the operation, Kejia Wang and Zhenxing Wang created shell companies with matching bank accounts. These entities made it appear as though the North Korean workers were affiliated with legitimate US businesses. As a result, American companies unknowingly transferred hundreds of thousands of dollars in salaries to these accounts, which were then laundered and sent to North Korea.

Fortune 500 Companies Among Victims

Court documents reveal that the North Korean remote worker fraud targeted more than 100 organizations, including several Fortune 500 companies. Kejia Wang acted as the US-based manager, supervising at least five other individuals involved in the scheme.

This case highlights the growing threat of North Korean IT worker scams, where foreign operatives exploit remote work trends to infiltrate corporate networks. The FBI has warned that such schemes are becoming more common, especially in tech and defense sectors.

FBI Investigation and Ongoing Manhunt

Assistant Director Brett Leatherman of the FBI’s Cyber Division stated, “Today’s announcement sends a clear message: US nationals who facilitate DPRK IT worker schemes and funnel revenue to North Korea will face FBI investigation and potential prison time.”

However, eight other individuals indicted in connection with the identity theft conspiracy remain at large. The FBI continues to pursue these co-conspirators, urging anyone with information to come forward.

Protecting Your Business from Similar Scams

Companies hiring remote IT workers should implement rigorous identity verification processes. For more tips, read our guide on how to protect your business from North Korean IT worker scams. Additionally, monitoring for unusual access patterns and conducting background checks can help prevent such fraud.

This case serves as a stark reminder that the North Korean IT worker scam not only harms businesses financially but also poses national security risks. As remote work continues to expand, so does the potential for exploitation by foreign adversaries.