Two North Korean IT Worker Scheme Facilitators Jailed in the US

Summary

Kejia Wang and Zhenxing Wang were sentenced to 108 and 92 months in prison, respectively, for operating laptop farms that enabled North Korean workers to pose as US-based IT employees. Between 2021 and 2024, the scheme compromised identities of over 80 US persons, infiltrated more than 100 companies, and generated $5 million in illegal proceeds for North Korea while causing $3 million in losses to victim companies. Nine additional indicted conspirators remain at large, with a $5 million reward offered for information leading to their arrest.

Full text

Two US nationals were jailed this week for their roles in North Korean IT worker schemes that caused millions in damages to US companies. The individuals, Kejia Wang, 42, of Edison, New Jersey, and Zhenxing Wang, 39, of New Brunswick, New Jersey, were charged in June 2025, when the US stormed 29 laptop farms across 16 states. According to court documents, between 2021 and 2024, the two individuals and their co-conspirators compromised the identities of more than 80 people in the US and used them to land jobs at over 100 companies. The scheme generated over $5 million in illegal proceeds for the North Korean government and caused losses of more than $3 million to the victim companies. Kejia Wang, the documents show, supervised at least five US facilitators that ran laptop farms hosting hundreds of laptops from US victim companies. Zhenxing Wang was one of these facilitators. The facilitators hosted the laptops at their residences and connected them to devices that allowed overseas workers to access them remotely, so they could pose as IT workers based in the US.Advertisement. Scroll to continue reading. The documents presented in court also show that the two created multiple shell companies to make it look as if the overseas workers were affiliated with US-based companies. However, these businesses had no employees, and their financial accounts received millions in payments from the victim companies. Most of the funds were transferred overseas to the co-conspirators. The two, along with four other US-based facilitators, received roughly $700,000 for their participation in the scheme. Kejia Wang and Zhenxing Wang were sentenced to 108 and 92 months in prison, respectively, and ordered to forfeit a total of $600,000 in illegal proceeds. Kejia Wang was also ordered to pay over $29,000 in restitution. Nine other individuals indicted in relation to the scheme remain at large, and the US has announced a reward of up to $5 million for information leading to their arrest. The individuals are Xu Yongzhe, Huang Jingbin, Tong Yuze, Zhou Baoyu, Yuan Ziyou (Samuel Yuan), Zhou Zhenbang, Liu Menting, Liu Enchia, and Song Min Kim (also known as Chengmin Jin). Related: North Korean Hackers Target High-Profile Node.js Maintainers Related: North Korean Hackers Drain $285 Million From Drift in 10 Seconds Related: Polyfill Supply Chain Attack Impacting 100k Sites Linked to North Korea Related: Ukrainian Gets 5 Years in US Prison for Aiding North Korean IT Fraud Written By Ionut Arghire Ionut Arghire is an international correspondent for SecurityWeek. More from Ionut Arghire Splunk Enterprise Update Patches Code Execution VulnerabilityNIST Prioritizes NVD Enrichment for CVEs in CISA KEV, Critical SoftwareCisco Patches Critical Vulnerabilities in Webex, ISERansomware Hits Automotive Data Expert AutovistaCapsule Security Emerges From Stealth With $7 Million in Funding100 Chrome Extensions Steal User Data, Create BackdoorMirax RAT Targeting Android Users in EuropeTwo Vulnerabilities Patched in Ivanti Neurons for ITSM Latest News Recent Apache ActiveMQ Vulnerability Exploited in the WildZionSiphon Malware Targets ICS in Water FacilitiesCursor AI Vulnerability Exposed Developer Devices53 DDoS Domains Taken Down by Law EnforcementGovernment Can’t Win the Cyber War Without the Private SectorOpenAI Widens Access to Cybersecurity Model After Anthropic’s Mythos RevealData Breach at Tennessee Hospital Affects 337,000Artemis Emerges From Stealth With $70 Million in Funding Trending Daily Briefing Newsletter Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts. Webinar: A Step-by-Step Approach to AI Governance April 28, 2026 With "Shadow AI" usage becoming prevalent in organizations, learn how to balance the need for rapid experimentation with the rigorous controls required for enterprise-grade deployment. Register Virtual Event: Threat Detection and Incident Response Summit May 20, 2026 Delve into big-picture strategies to reduce attack surfaces, improve patch management, conduct post-incident forensics, and tools and tricks needed in a modern organization. Register People on the MoveThreatModeler has appointed Kevin Gallagher as Chief Executive Officer.Thomas Bain has been appointed Chief Marketing Officer at Silent Push.The United States Department of War appointed David Vaughn as Technical Advisor for Data Infrastructure.More People On The MoveExpert Insights Government Can’t Win the Cyber War Without the Private Sector Securing national resilience now depends on faster, deeper partnerships with the private sector. (Steve Durbin) The Hidden ROI of Visibility: Better Decisions, Better Behavior, Better Security Beyond monitoring and compliance, visibility acts as a powerful deterrent, shaping user behavior, improving collaboration, and enabling more accurate, data-driven security decisions. (Joshua Goldfarb) The New Rules of Engagement: Matching Agentic Attack Speed The cybersecurity response to AI-enabled nation-state threats cannot be incremental. It must be architectural. (Nadir Izrael) The Next Cybersecurity Crisis Isn’t Breaches—It’s Data You Can’t Trust Data integrity shouldn’t be seen only through the prism of a technical concern but also as a leadership issue. (Steve Durbin) Why Agentic AI Systems Need Better Governance – Lessons from OpenClaw Agentic AI platforms are shifting from passive recommendation tools to autonomous action-takers with real system access, (Etay Maor) Flipboard Reddit Whatsapp Whatsapp Email

Entities