Two New Jersey Residents Imprisoned for Facilitating North Korean IT Worker Fraud
A federal court has handed down lengthy prison sentences to two New Jersey men who operated elaborate laptop farm networks that helped North Korean nationals fraudulently secure IT employment at more than 100 American companies. Kejia Wang, 42, was sentenced to nine years in prison, while Zhenxing Wang, 39, received a sentence of nearly eight years. The Justice Department said the scheme generated more than $5 million for the government of North Korea.
The two defendants were arrested and indicted in 2024 on allegations that they served as central figures in the operation, managing hundreds of corporate laptops and installing remote-access software that allowed overseas North Korean workers to control the devices as if they were physically present in the United States.
Scope and Timeline of the Scheme
According to court documents, the operation ran from 2021 through October 2024. During that period, the group allegedly stole the identities of approximately 80 U.S. citizens and supplied those identities to North Korean nationals, enabling them to apply for and obtain employment at several Fortune 500 companies. American businesses caught up in the scheme reportedly suffered around $3 million in losses stemming from legal fees, network remediation expenses, and related costs.
Prosecutors described Kejia Wang as the operation's primary "manager," who supervised at least five other U.S. residents who collectively hosted hundreds of computers at their homes. Among those five was Zhenxing Wang, who played a particularly active role not only in hosting devices but also in forming shell companies designed to make North Korean workers appear to be legitimately employed by U.S. businesses.
How the Laptop Farms Worked
Investigators explained that Zhenxing Wang and other U.S.-based participants received corporate laptops and kept them at their residences. Those laptops were connected to devices that law enforcement referred to as "keyboard-video-mouse" or "KVM" switches, hardware that allowed individuals overseas — in this case, North Korean IT workers — to remotely control the machines as though sitting directly in front of them.
Kejia Wang and Zhenxing Wang also established bank accounts and other financial infrastructure to support the broader operation. Kejia Wang personally traveled to Shenyang and Dandong in 2023, both cities located near the North Korea–China border, to help organize and coordinate the scheme. During those trips, he met with a former classmate whom he knew to be from North Korea.
Sensitive Defense Data Stolen
Among the more alarming revelations in the case, prosecutors noted that the North Korean IT workers involved in this specific scheme were able to steal sensitive data and source code from a California-based defense contractor that develops artificial intelligence-powered equipment and technologies. The stolen information was sensitive enough to fall under International Traffic in Arms Regulations (ITAR), according to the DOJ — a designation reserved for defense-related materials with national security implications.
Department of Defense investigator John Helsing stated that the sentences "should act as a deterrent to foreign individuals and entities attempting to illegally access and export critical defense information."
Broader Threat Posed by North Korean IT Workers
Investigators have repeatedly warned that North Korean IT workers embedded in U.S. companies frequently do more than perform routine technical tasks. Once inside corporate networks, many pass on their access to more sophisticated government-affiliated hackers, who then steal sensitive information, deploy malware, or conduct other malicious activities that go well beyond standard IT work.
FBI Cyber Division Assistant Director Brett Leatherman underscored the law enforcement message:
"Today's announcement sends a clear message: U.S. nationals who facilitate DPRK IT worker schemes and funnel revenue to North Korea will face FBI investigation and potential prison time."
Assistant Attorney General for National Security John Eisenberg said the two men "enriched themselves by assisting North Korean actors in a fraudulent scheme to gain employment with U.S. companies." U.S. Attorney Leah Foley added that "by operating so-called 'laptop farms,' these defendants enabled overseas actors to infiltrate U.S. businesses, access sensitive data and undermine our economic and national security."
Financial Penalties and Co-Conspirators
Both men pleaded guilty before sentencing. Kejia Wang entered a guilty plea in September to charges of conspiracy to commit wire fraud, conspiracy to commit money laundering, and conspiracy to commit identity theft. Zhenxing Wang pleaded guilty in January to conspiracy to commit wire fraud and conspiracy to commit money laundering. In addition to their prison terms, both will serve three years of supervised release and are required to forfeit a combined total of $600,000 paid to them by North Korea. Prosecutors indicated they had already recovered approximately $400,000 of that amount.
The two men were indicted alongside eight other individuals, the majority of whom are believed to be located in North Korea or China. In connection with those remaining defendants, the Justice Department announced a new $5 million reward for information leading to their whereabouts. Additionally, the FBI and the Department of Defense seized dozens of websites in 2024 and 2025 that were directly tied to shell companies operated by Kejia Wang and Zhenxing Wang.
A Growing Pattern of Domestic Facilitators
The case is part of a broader and increasingly visible pattern. Multiple U.S. citizens — including at least one active-duty member of the U.S. Army — have been indicted or convicted in recent months for helping North Korean IT workers by offering their identities for fraudulent job applications or by hosting laptop farm infrastructure. Federal authorities continue to treat such facilitation as a serious national security threat, with significant criminal consequences for those who participate.
Source: The Record