Two Americans Sentenced for Running North Korean IT Worker Fraud Scheme That Stole $5 Million

A Sophisticated Scam Targeting American Companies

Two U.S. citizens have been handed significant prison sentences for orchestrating a sprawling fraud operation that allowed North Korean workers to infiltrate American companies under false identities. On Wednesday, the Department of Justice announced the sentencing of Kejia Wang and Zhenxing Wang, both New Jersey residents, to seven-and-a-half and nine years in prison respectively. Their crime: building the infrastructure that enabled North Korean IT workers to pose as American employees working remotely from U.S. soil.

The operation was remarkably audacious in scale. Between 2021 and 2024, the scheme successfully placed fake IT workers on the payrolls of more than 100 U.S. corporations, including multiple Fortune 500 companies. The fraudsters stole the identities of more than 80 Americans to create a veneer of legitimacy. The North Korean government netted approximately $5 million from the scheme, while the American facilitators pocketed nearly $700,000 in compensation for their roles.

"The ruse placed North Korean IT workers on the payrolls of unwitting U.S. companies and in U.S. computer systems, thereby harming our national security"

How the "Laptop Farm" Operation Worked

At the heart of the scheme was a deceptively simple but effective mechanism: "laptop farms" operated on American soil. Kejia Wang oversaw the operation of hundreds of computers physically located in the United States, while his co-conspirator Zhenxing Wang even hosted laptops in his home. This infrastructure allowed North Korean nationals to remotely connect to these American-based machines and work as if they were physically present in the country.

The two defendants went further to legitimize the operation by creating shell companies with financial accounts linked to the fake identities. Millions of dollars in fraudulent wages flowed through these accounts before being transferred overseas. The entire scheme was designed to obscure the true nature of the payments and make detection by employer security teams nearly impossible.

The consequences extended beyond financial theft. In at least one documented case, the fake IT workers managed to access and steal data under export control from an unnamed California-based artificial intelligence company—a particularly alarming development given the sensitive nature of AI technology and national security implications.

A Symptom of a Larger North Korean Apparatus

This sentencing represents just one battle in what prosecutors describe as a much larger war. The U.S. government has been aggressively pursuing North Korean infiltration schemes for years, and this case is merely the latest legal action against an operation that has compromised hundreds of American and Western companies.

The context makes the threat even more menacing. North Korea's government, heavily sanctioned and economically isolated from much of the world, has turned to cybercrime as a crucial revenue source. Beyond fake IT worker schemes, North Korean hackers orchestrated cryptocurrency thefts exceeding $2 billion in just the past year alone. These schemes effectively bankroll the regime's weapons development program—making cybercrime a matter of national security, not just corporate fraud.

"The North Korean government uses this type of fraud to fund its regime and weapons' program"

Defensive Tactics: From Unconventional Screening to Rewards

In response to the growing threat, some companies and recruiters have developed creative—and sometimes darkly humorous—countermeasures. One viral video captured an ingenious interview technique: asking suspected North Korean applicants to insult Kim Jong-Un. In North Korea, such criticism is illegal, making it an effective litmus test. In the recorded interview, the applicant visibly fumbled when asked to say "Kim Jong Un is a fat ugly pig" and eventually disconnected from the call entirely—a telling reaction that exposed the deception.

The federal government is also leveraging financial incentives to combat the threat. The DOJ announced rewards of up to $5 million for information that could help counter these schemes, with specific bounties for data on nine individuals allegedly connected to Wang and Wang's operation. This combination of clever defensive tactics and financial incentives reflects the seriousness with which U.S. authorities view the threat—and the difficulty of detecting such schemes without insider information.