Two Americans Jailed for Enabling North Korean IT Fraud Operation
Two US citizens from New Jersey were sentenced to federal prison this week after being convicted of operating infrastructure that allowed North Korean nationals to fraudulently obtain remote employment at American companies. Kejia Wang, 42, of Edison, New Jersey, received a sentence of 108 months, while Zhenxing Wang, 39, of New Brunswick, New Jersey, was sentenced to 92 months. Both were additionally ordered to forfeit a combined total of $600,000 in illegal proceeds, and Kejia Wang was further ordered to pay over $29,000 in restitution.
Charges and the Scale of the Operation
The pair were formally charged in June 2025 as part of a sweeping law enforcement action that saw authorities raid 29 laptop farms spread across 16 states. Court documents reveal that between 2021 and 2024, the two defendants and their co-conspirators stole and exploited the identities of more than 80 US residents to secure remote employment at over 100 American companies.
The scheme was remarkably lucrative. In total, it generated over $5 million in illegal proceeds that ultimately benefited the North Korean government, while inflicting more than $3 million in losses on the victim companies whose identities and employment systems were abused.
How the Laptop Farm Infrastructure Worked
At the center of the operation was a network of physical laptop farms — locations where large numbers of company-issued laptops were covertly hosted on behalf of overseas workers. Kejia Wang supervised at least five US-based facilitators who collectively maintained hundreds of laptops originally issued by victim companies. Zhenxing Wang was among those facilitators working under his direction.
The facilitators operated out of their own residences, connecting the laptops to remote access devices that allowed overseas workers — physically located outside the United States — to log into the machines and perform their job duties. This allowed the North Korean workers to convincingly pose as US-based IT professionals, fooling employers into believing they had hired domestic talent.
Shell Companies Used to Launder Proceeds
To add a layer of legitimacy to the operation, the defendants created multiple shell companies designed to give the appearance that the overseas workers were employed by or affiliated with US-based businesses. In reality, these entities had no genuine employees and existed solely to receive and funnel payments.
Financial accounts tied to these shell companies received millions of dollars in salary payments from victim companies. The vast majority of those funds were then transferred overseas to co-conspirators. The six US-based facilitators involved in the scheme — including both Wang defendants — collectively received approximately $700,000 for their participation.
Nine Indicted Suspects Remain at Large
While Kejia Wang and Zhenxing Wang have now been sentenced, nine other individuals indicted in connection with the same scheme remain fugitives. The US government has announced a reward of up to $5 million for information leading to the arrest of any of these individuals. The outstanding suspects are:
- Xu Yongzhe
- Huang Jingbin
- Tong Yuze
- Zhou Baoyu
- Yuan Ziyou (also known as Samuel Yuan)
- Zhou Zhenbang
- Liu Menting
- Liu Enchia
- Song Min Kim (also known as Chengmin Jin)
Part of a Broader North Korean Revenue-Generation Campaign
This case is one of several high-profile prosecutions connected to North Korea's systematic use of fraudulent IT workers to generate foreign currency for the regime. The strategy involves placing skilled workers — often operating from countries in Asia and Eastern Europe — into remote technology jobs at Western companies, with the wages funneled back to state-controlled entities in Pyongyang.
US facilitators like those convicted in this case play a critical enabling role. By hosting physical laptop infrastructure and establishing fraudulent corporate entities, they provide the operational cover that makes these overseas workers appear credible and locally based to unsuspecting employers.
The June 2025 enforcement action that led to these charges was one of the most expansive domestic crackdowns on this type of infrastructure to date, targeting 29 separate laptop farm locations in 16 states simultaneously. The breadth of the operation underscores how deeply embedded such schemes have become within the US remote work ecosystem.
Ongoing Threat to US Employers
Authorities continue to urge US companies — particularly those hiring for remote IT, software development, and cybersecurity roles — to implement rigorous identity verification measures during the hiring process. The use of stolen identities combined with physical laptop farms and shell company fronts makes these fraudulent workers difficult to detect through standard background checks alone.
The conviction and sentencing of Kejia Wang and Zhenxing Wang represent a significant step in dismantling one of these networks, but with nine suspects still at large and the financial incentives for North Korea remaining strong, the threat is far from eliminated.
Source: SecurityWeek