Two U.S. nationals were sentenced to federal prison for helping North Korean operatives obtain remote IT jobs, the Justice Department said Wednesday. This photo from the Department shows North Korean IT workers that were allegedly part of a scheme to help Pyongyang fund its weapons programs. Photo courtesy of U.S. Department of Justice/X
Two U.S. nationals were sentenced to federal prison for helping North Korean operatives obtain remote IT jobs with American companies in a scheme that generated millions of dollars for Pyongyang’s weapons programs, the Justice Department said Wednesday.
New Jersey residents Kejia “Tony” Wang, 42, and Zhenxing “Danny” Wang, 39, operated so-called “laptop farms” that made it appear as though overseas workers were based in the United States, allowing North Korean IT personnel to secure jobs using stolen American identities.
The scheme used identities from at least 80 individuals and generated more than $5 million in revenue for the North Korean government, the department said in a press release.
Kejia Wang was sentenced to nine years in prison by U.S. Senior District Judge Nathaniel M. Gorton in federal court in Boston, followed by three years of supervised release, after pleading guilty to conspiracy charges including wire fraud, money laundering and identity theft.
Zhenxing Wang was sentenced to seven years and eight months in prison by the same court, followed by three years of supervised release, after pleading guilty to conspiracy to commit fraud and money laundering. He was also ordered to pay $200,000 in restitution.
The two were additionally ordered to forfeit $600,000 in proceeds tied to the operation.
“This case exposes a sophisticated scheme that exploited stolen American identities and U.S. companies to generate millions of dollars for a hostile foreign regime,” U.S. Attorney for Massachusetts Leah B. Foley said. “By operating so-called ‘laptop farms,’ these defendants enabled overseas actors to infiltrate U.S. businesses, access sensitive data and undermine our economic and national security.”
Prosecutors said the scheme ran from about 2021 through October 2024, with the defendants and their co-conspirators using stolen identities to obtain remote jobs at more than 100 U.S. companies, including several Fortune 500 firms and a defense contractor.
Companies incurred at least $3 million in losses from legal fees, network remediation and other damages, the Justice Department said.
The operation also exposed sensitive data, including export-controlled information governed by International Traffic in Arms Regulations, after an overseas co-conspirator accessed systems belonging to a California-based defense contractor, according to court documents.
Kejia Wang acted as the U.S.-based manager for the operation, overseeing multiple facilitators who hosted hundreds of company-issued laptops at their residences. He also traveled to China in 2023 to meet overseas co-conspirators, including a North Korean national, according to court filings.
Zhenxing Wang was among the facilitators who hosted company laptops and enabled remote access by connecting them to specialized hardware devices.
The two were charged in June 2025 alongside eight foreign nationals who remain at large and are wanted by the FBI.
In a related move, the U.S. State Department on Wednesday offered a reward of up to $5 million for information on the eight co-conspirators, as well as one suspected North Korean IT worker, leading to the disruption of the scheme’s financial networks.
The case comes as North Korea, under heavy international sanctions, has increasingly turned to cybercrime and illicit IT work to generate revenue for its nuclear and ballistic missile programs.
An October report by the 11-country Multilateral Sanctions Monitoring Team described North Korea’s cyber operations as “a full-spectrum national program operating at a sophistication approaching the cyber programs of China and Russia.”
The report said nearly all of the country’s cyber activity, illicit IT work and financial operations are carried out under the direction of entities sanctioned by the United Nations over Pyongyang’s weapons programs.
The U.S. Treasury Department said in November that North Korea had stolen more than $3 billion over the previous three years through cyberattacks on financial institutions and cryptocurrency platforms.
A 2022 Treasury advisory estimated that North Korean IT workers generate hundreds of millions of dollars annually, with some individuals earning more than $300,000 a year.
The Justice Department has stepped up enforcement as part of an inter-agency effort in recent years, announcing multiple related prosecutions, including the sentencing of three Americans in March and a Ukrainian national in February.
