Additional Coverage:
Two U.S. Citizens Sentenced for Facilitating North Korean Cyber Scheme Funding Weapons Programs
SEOUL – Two American nationals have been sentenced to federal prison for their roles in a sophisticated scheme that helped North Korean operatives secure remote IT jobs with U.S. companies, generating millions of dollars to support Pyongyang’s weapons programs, the U.S. Justice Department announced Wednesday.
Kejia “Tony” Wang, 42, and Zhenxing “Danny” Wang, 39, both residents of New Jersey, operated what are known as “laptop farms.” These operations masked overseas workers as if they were U.S.-based employees by using stolen American identities, enabling North Korean IT personnel to gain employment with more than 100 American firms, including Fortune 500 companies and a defense contractor.
The fraudulent enterprise involved at least 80 stolen identities and brought in over $5 million for the North Korean government, according to the Justice Department.
In federal court in Boston, Senior District Judge Nathaniel M. Gorton sentenced Kejia Wang to nine years in prison, followed by three years of supervised release.
Wang pleaded guilty to conspiracy charges encompassing wire fraud, money laundering, and identity theft. Zhenxing Wang received a sentence of seven years and eight months, along with three years of supervised release, after pleading guilty to conspiracy to commit fraud and money laundering.
He was additionally ordered to pay $200,000 in restitution.
Both men were also ordered to forfeit $600,000 derived from their illicit activities.
“This case reveals a sophisticated operation that exploited stolen American identities and companies to generate millions for a hostile foreign regime,” said Leah B. Foley, U.S.
Attorney for Massachusetts. “By running these ‘laptop farms,’ the defendants allowed foreign actors to infiltrate U.S. businesses, access sensitive data, and threaten our national security.”
The scheme reportedly operated from around 2021 through October 2024. The defendants, along with co-conspirators still at large, used the stolen identities to obtain remote jobs, causing U.S. companies to incur at least $3 million in losses related to legal fees, network repairs, and other damages.
Court documents revealed that the operation exposed sensitive data-including export-controlled information regulated by the International Traffic in Arms Regulations-after an overseas co-conspirator accessed the systems of a California-based defense contractor.
Kejia Wang acted as the U.S.-based manager, overseeing facilitators who hosted hundreds of company laptops in their homes. He traveled to China in 2023 to meet with overseas co-conspirators, including a North Korean national. Zhenxing Wang was one such facilitator, enabling remote access through specialized hardware.
The two were charged in June 2025 along with eight foreign nationals who remain at large. The FBI is actively seeking these individuals, and the U.S. State Department has offered rewards up to $5 million for information leading to their capture and the disruption of the scheme’s financial networks.
This case underscores North Korea’s growing reliance on cybercrime and illicit IT work to fund its nuclear and missile programs amid stringent international sanctions. An October report from an 11-nation Multilateral Sanctions Monitoring Team described North Korea’s cyber operations as a highly sophisticated national program rivaling those of China and Russia.
The U.S. Treasury Department noted in November that North Korea had stolen over $3 billion in recent years through cyberattacks targeting financial institutions and cryptocurrency platforms. Estimates from 2022 indicate that North Korean IT workers generate hundreds of millions of dollars annually, with some earning upwards of $300,000.
The Justice Department has intensified enforcement against such operations, announcing multiple prosecutions in recent months, including the sentencing of three Americans in March and a Ukrainian national in February as part of a broader inter-agency effort.