THREATNOIR
Subscribe
Back to Feed
Nation-stateApr 16, 2026

US nationals behind DPRK IT worker 'laptop farm' sent to prison

Two US nationals sentenced to prison for running laptop farm enabling North Korean IT workers to infiltrate 100+ US

Read at source

Summary

Kejia Wang and Zhenxing Wang were imprisoned for orchestrating a scheme between 2021–2024 that generated over $5 million for the DPRK government by placing remote North Korean IT workers in US companies using stolen identities and fake credentials. The defendants created shell companies, fraudulent websites, and hosted company-issued laptops across the US to disguise the operation. Nine additional suspects remain at large, with the State Department offering up to $5 million for information leading to their capture.

Full text

US nationals behind DPRK IT worker 'laptop farm' sent to prison By Sergiu Gatlan April 16, 2026 04:32 AM 0 Two U.S. nationals have been sent to prison for helping North Korean remote information technology (IT) workers to pose as U.S. residents and get hired by over 100 companies across the country, including many Fortune 500 firms. 42-year-old Kejia Wang and 39-year-old Zhenxing Wang were charged in June 2025 following a coordinated law enforcement action against the Democratic People's Republic of Korea (DPRK) government's fundraising operations led by the U.S. Department of Justice (DoJ). According to court documents, between 2021 and October 2024, the two generated more than $5 million in illicit revenue for the DPRK's government and an estimated $3 million in financial damages to companies that hired North Korean workers who were using the stolen identities of more than 80 U.S. citizens. As part of their scheme, they created financial accounts, fake websites, and multiple shell companies (e.g., Tony WKJ LLC, Hopana Tech LLC, Independent Lab LLC) to make it appear that DPRK workers were affiliated with legitimate U.S. businesses and collect payments. Zhenxing Wang also hosted company-issued laptops in homes across the United States to help remote North Korean IT workers access the companies' networks without raising suspicion. "For years, the defendants enriched themselves by assisting North Korean actors in a fraudulent scheme to gain employment with U.S. companies," said Assistant Attorney General for National Security John A. Eisenberg. "The ruse placed North Korean IT workers on the payrolls of unwitting U.S. companies and in U.S. computer systems, thereby harming our national security." Fake driver's license and Social Security card (DOJ) ​Nine other defendants linked to the same scheme, who were also charged in June 2025, remain at large. The U.S. State Department has announced a reward of up to $5 million for information on the suspects, which can help disrupt illicit activities that support North Korea's weapons of mass destruction (WMD) program. Kejia Wang was sentenced to 108 months in prison after pleading guilty to his role in the scheme in September 2025, and Zhenxing Wang to 92 months after pleading guilty in January 2026 to conspiracy to commit money laundering and conspiracy to commit wire fraud. In February, Ukrainian national Oleksandr Didenko, who pleaded guilty in November 2025 to wire fraud conspiracy and aggravated identity theft, was also sentenced to five years in prison for providing DPRK IT workers with stolen identities that helped them infiltrate U.S. companies. The FBI has been warning about North Korean threat actors impersonating U.S.-based IT staff since at least 2023. As the FBI also repeatedly noted, the DPRK maintains a large army of thousands of IT workers who use stolen identities to secure employment with hundreds of American companies. Automated Pentesting Covers Only 1 of 6 Surfaces. Automated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the other.This whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic questions for any tool evaluation. Get Your Copy Now Related Articles: Ukrainian gets 5 years for helping North Koreans infiltrate US firmsNearly 4,000 US industrial devices exposed to Iranian cyberattacksOver 20,000 crypto fraud victims identified in international crackdownCISA orders feds to patch exploited Ivanti EPMM flaw by SundayFBI: Americans lost a record $21 billion to cybercrime last year

Indicators of Compromise

  • malware — DPRK IT worker impersonation campaign

Entities

Democratic People's Republic of Korea (DPRK) (threat_actor)Kejia Wang (threat_actor)Zhenxing Wang (threat_actor)Oleksandr Didenko (threat_actor)DPRK IT worker infiltration campaign (campaign)