Two Americans Sentenced for Aiding North Korean IT Worker Fraud Scheme
In a significant legal development, two U.S. citizens, Kejia Wang and Zhenxing Wang, have been sentenced to seven and a half years and nine years in prison, respectively, for their involvement in a scheme that enabled the North Korean government to infiltrate American companies with fraudulent IT workers. This operation resulted in North Korea illicitly obtaining approximately $5 million.
The U.S. Department of Justice (DOJ) announced the sentencing on April 16, 2026, highlighting the sophisticated methods employed by the defendants. Both New Jersey residents, Kejia and Zhenxing, were instrumental in establishing and managing laptop farms within the United States. These setups comprised hundreds of computers that North Korean operatives remotely accessed, creating the illusion that they were U.S.-based employees.
The fraudulent scheme was extensive, involving the theft of identities from over 80 Americans and securing positions in more than 100 U.S. corporations, including several Fortune 500 companies. This not only provided North Korean IT workers with salaries but also, in certain instances, facilitated the theft of trade secrets and proprietary source code. John A. Eisenberg, the DOJ’s Assistant Attorney General for National Security, emphasized the gravity of the situation, stating, The ruse placed North Korean IT workers on the payrolls of unwitting U.S. companies and in U.S. computer systems, thereby harming our national security.
Between 2021 and 2024, Kejia Wang oversaw the operation of these extensive laptop farms, while Zhenxing Wang hosted several of these devices in his residence. The duo also established shell companies with financial accounts linked to the fraudulent IT workers, effectively funneling millions of dollars, which were subsequently transferred overseas. In return for their services, Kejia, Zhenxing, and four other U.S.-based facilitators received nearly $700,000 collectively.
One particularly alarming incident involved the unauthorized access and theft of export-controlled data from an unnamed California-based artificial intelligence company. This breach underscores the potential national security risks posed by such infiltration schemes.
In response to these developments, the U.S. government has announced rewards of up to $5 million for information that could aid in countering similar schemes. This includes data on nine individuals who allegedly collaborated with Kejia and Zhenxing.
This case is part of a broader pattern of North Korean cyber operations aimed at circumventing international sanctions and funding its regime. In recent years, North Korean operatives have successfully infiltrated numerous Western companies by posing as remote IT workers, investors, and recruiters. These activities have not only generated substantial revenue but have also facilitated the theft of sensitive information and intellectual property.
To combat this growing threat, some companies and recruiters have adopted innovative strategies. One such method involves asking suspected North Korean applicants to make derogatory statements about the country’s leader, Kim Jong Un, during interviews. Given the severe penalties for such actions within North Korea, this tactic can effectively identify and deter fraudulent applicants. A recent viral video showcased a job interview where the applicant became visibly uncomfortable and terminated the call when asked to insult Kim Jong Un.
The sentencing of Kejia and Zhenxing Wang serves as a stark reminder of the persistent and evolving cyber threats posed by North Korean operatives. It underscores the importance of vigilance and robust security measures within organizations to prevent unauthorized access and protect sensitive information.
