Federal prosecutors have sent two New Jersey men to prison for helping North Korean operatives pose as US-based remote technology workers, marking the latest courtroom milestone in Washington’s widening effort to choke off revenue streams tied to Pyongyang’s weapons programmes. The US Justice Department said Kejia Wang, 42, of Edison, was sentenced to 108 months in prison, while Zhenxing Wang, 39, of New Brunswick, received 92 months, after both admitted roles in a scheme that placed North Korean workers at more than 100 US companies.
Prosecutors said the pair helped run “laptop farms”, a tactic that allows overseas workers to appear physically present in the United States by remotely accessing employer-issued computers kept inside American homes. According to court papers, the operation ran from about 2021 to October 2024, used the stolen identities of more than 80 people in the United States, generated more than $5 million for North Korea, and left victim companies facing at least $3 million in legal, remediation and other costs. The affected employers included many Fortune 500 groups.
The Justice Department said Kejia Wang acted as a US-based manager for the network after travelling to Shenyang and Dandong in China in 2023 to meet overseas actors, including a former classmate he knew was from North Korea. He then supervised at least five facilitators in the United States who hosted hundreds of company laptops in their homes. Zhenxing Wang was described as one of those facilitators, receiving laptops and helping overseas workers connect to them through keyboard-video-mouse switches and other remote-access hardware.
Authorities said the two men also created shell businesses, including Hopana Tech LLC, Tony WKJ LLC and Independent Lab LLC, to make the overseas workers look like employees of legitimate American companies. Those entities, prosecutors said, had no genuine staff or operations and were used to channel millions of dollars from victim companies before much of the money was transferred abroad. The defendants and four other US-based facilitators collectively received nearly $700,000 for their roles, while the court ordered the two men to forfeit $600,000, of which $400,000 had already been recovered by the government as of Wednesday’s announcement.
The case underlines why US officials have shifted from treating the North Korean IT-worker problem as a sanctions issue alone to framing it as a corporate-security and national-security threat. Prosecutors said workers placed through the scheme gained access to sensitive employer data and source code, including export-controlled technical information governed by International Traffic in Arms Regulations at a California defence contractor developing artificial-intelligence-based equipment. The unauthorised access to those files took place between January and April 2024, according to the department.
That broader threat picture has been building for months. Reuters reported in May 2024 that federal prosecutors had described a separate North Korea-linked network infiltrating more than 300 US firms, including banks and Fortune 500 companies, while using stolen identities and US-based laptop farms to conceal the workers’ true locations. The State Department said at the time that one such scheme had generated at least $6.8 million, and prosecutors warned that some attempts had also targeted US government agencies.
Since then, the crackdown has accelerated. A January 2025 Justice Department indictment described North Korean IT workers as part of a years-long plot to evade sanctions and raise money for the regime, while a July 2025 sentencing in Arizona sent Christina Marie Chapman to prison for more than eight years over a separate scheme that authorities said touched more than 300 companies and generated more than $17 million. Federal officials announced in November 2025 that the cases were being pursued under a joint National Security Division and FBI effort aimed at domestic enablers of North Korean revenue generation.
Treasury has also tightened financial pressure. On 12 March 2026, the Office of Foreign Assets Control sanctioned six individuals and two entities over state-directed North Korean IT-worker fraud, saying such operations generated nearly $800 million in 2024 to support weapons of mass destruction programmes. That figure suggests the laptop-farm cases reaching US courts may represent only one slice of a much larger transnational financing system that blends identity theft, fake corporate fronts, remote work platforms and, increasingly, cryptocurrency channels.
Prosecutors said the pair helped run “laptop farms”, a tactic that allows overseas workers to appear physically present in the United States by remotely accessing employer-issued computers kept inside American homes. According to court papers, the operation ran from about 2021 to October 2024, used the stolen identities of more than 80 people in the United States, generated more than $5 million for North Korea, and left victim companies facing at least $3 million in legal, remediation and other costs. The affected employers included many Fortune 500 groups.
The Justice Department said Kejia Wang acted as a US-based manager for the network after travelling to Shenyang and Dandong in China in 2023 to meet overseas actors, including a former classmate he knew was from North Korea. He then supervised at least five facilitators in the United States who hosted hundreds of company laptops in their homes. Zhenxing Wang was described as one of those facilitators, receiving laptops and helping overseas workers connect to them through keyboard-video-mouse switches and other remote-access hardware.
Authorities said the two men also created shell businesses, including Hopana Tech LLC, Tony WKJ LLC and Independent Lab LLC, to make the overseas workers look like employees of legitimate American companies. Those entities, prosecutors said, had no genuine staff or operations and were used to channel millions of dollars from victim companies before much of the money was transferred abroad. The defendants and four other US-based facilitators collectively received nearly $700,000 for their roles, while the court ordered the two men to forfeit $600,000, of which $400,000 had already been recovered by the government as of Wednesday’s announcement.
The case underlines why US officials have shifted from treating the North Korean IT-worker problem as a sanctions issue alone to framing it as a corporate-security and national-security threat. Prosecutors said workers placed through the scheme gained access to sensitive employer data and source code, including export-controlled technical information governed by International Traffic in Arms Regulations at a California defence contractor developing artificial-intelligence-based equipment. The unauthorised access to those files took place between January and April 2024, according to the department.
That broader threat picture has been building for months. Reuters reported in May 2024 that federal prosecutors had described a separate North Korea-linked network infiltrating more than 300 US firms, including banks and Fortune 500 companies, while using stolen identities and US-based laptop farms to conceal the workers’ true locations. The State Department said at the time that one such scheme had generated at least $6.8 million, and prosecutors warned that some attempts had also targeted US government agencies.
Since then, the crackdown has accelerated. A January 2025 Justice Department indictment described North Korean IT workers as part of a years-long plot to evade sanctions and raise money for the regime, while a July 2025 sentencing in Arizona sent Christina Marie Chapman to prison for more than eight years over a separate scheme that authorities said touched more than 300 companies and generated more than $17 million. Federal officials announced in November 2025 that the cases were being pursued under a joint National Security Division and FBI effort aimed at domestic enablers of North Korean revenue generation.
Treasury has also tightened financial pressure. On 12 March 2026, the Office of Foreign Assets Control sanctioned six individuals and two entities over state-directed North Korean IT-worker fraud, saying such operations generated nearly $800 million in 2024 to support weapons of mass destruction programmes. That figure suggests the laptop-farm cases reaching US courts may represent only one slice of a much larger transnational financing system that blends identity theft, fake corporate fronts, remote work platforms and, increasingly, cryptocurrency channels.
Topics
Technology