Two US citizens sentenced after running laptop farms that let North Korean IT workers pose as Americans

April 16, 2026
aisecurityprivacybusiness
A minimalist black and white image of a laptop keyboard on a dark fabric surface.
Photo by Алексей Вечерин on Pexels

What happened

Two New Jersey residents, Kejia Wang and Zhenxing Wang, were sentenced this week after pleading guilty to conspiracy to commit wire fraud and money laundering for operating laptop farms that placed North Korean IT workers on U.S. payrolls, the Department of Justice said. Kejia Wang received a nine‑year sentence; Zhenxing Wang was given seven years and eight months. Both will serve three years of supervised release afterward and must forfeit $600,000 paid to them in connection with the scheme.

How the scheme worked

According to the DOJ, the pair and co‑conspirators stole the identities of more than 80 U.S. persons to secure jobs for North Korean workers at over 100 American companies, including several Fortune 500 firms. The breaches cost affected businesses more than $3 million in legal bills, network remediation and other damages. The defendants set up shell companies — names like Hopana Tech LLC and Tony WKJ LLC — to launder payments and make the operation look legitimate.

The wider implications

Prosecutors say the ruse put foreign operatives inside U.S. computer systems, posing a national security risk. “For years, the defendants enriched themselves by assisting North Korean actors,” the Assistant Attorney General for National Security said in a statement. It has been reported that similar operations have been uncovered across the country — 29 laptop farms in 16 states, other convictions, and claims that the DPRK nets hundreds of millions annually from fake IT workers. Who do you trust when "remote" can mean thousands of miles and a whole other country? That uneasy feeling? It’s warranted.

Why it matters

This case is another reminder that remote‑work conveniences are a double‑edged sword. Employers vet resumes and run background checks, but identity theft and sham companies can still slip through. The DOJ’s focus here signals tougher enforcement — and a warning shot to anyone helping foreign adversaries monetize cyber deception.

Sources: tomshardware.com