New Jersey Men Sentenced to Combined 17 Years for Running

Two New Jersey residents have received lengthy federal prison sentences for their roles in one of the most operationally sophisticated North Korean IT worker fraud schemes prosecuted to date. The Department of Justice announced that Kejia Wang, 42, was sentenced to nine years in federal prison, while Zhenxing Wang, 39, received a sentence of nearly eight years — a combined 17-year sentence reflecting the scale and national security implications of the operation.

The Scheme

The pair ran what prosecutors described as a laptop farm — a physical location stocked with US-registered laptops that North Korean nationals could remotely access to pose as legitimate American IT workers. By routing their connections through US-based hardware, the North Korean workers could bypass geolocation checks and appear as domestic employees to US companies hiring for remote IT and software development roles.

According to the DOJ, the scheme generated more than $5 million in fraudulent income that was ultimately funneled back to the government of North Korea, which uses IT worker revenue to fund its weapons programs and evade international sanctions.

How the Operation Worked

1. Recruitment — North Korean nationals (operating from North Korea, China, or other third countries) applied for remote IT contractor and software development positions at US companies under false identities
2. Identity fraud — the defendants provided stolen or fabricated US identities, including Social Security Numbers and fabricated work histories, to make the applications appear legitimate
3. Laptop farm infrastructure — laptops registered to US addresses were set up and maintained by the defendants; North Korean workers connected remotely, appearing to employers as US-based employees
4. Payroll interception — wages paid by US employers were collected by the defendants and forwarded, minus a cut, to DPRK-controlled accounts through layered financial transfers

Broader Context

The sentencing follows a years-long FBI and DOJ enforcement campaign targeting DPRK IT worker networks. In 2023, the US government issued a joint advisory with allies warning that thousands of North Korean nationals were embedded as remote workers at technology companies globally. The FBI has estimated these operations collectively generate hundreds of millions of dollars annually for Pyongyang.

Prior prosecutions have named facilitators in the US, Europe, and Asia. The Wang case is notable for the severity of the sentences — reflecting prosecutors' intent to deter others from operating domestic infrastructure in support of sanctions evasion schemes.

Indicators and Detection Guidance

Organizations hiring remote IT workers should watch for:

• Unusual login patterns — workers logging in via VPN, KVM-over-IP, or remote desktop from unexpected IP ranges
• Multiple identities on shared hardware — MAC address or device fingerprint inconsistencies
• Reluctance to appear on video — North Korean workers frequently avoid live video calls or use AI-generated faces
• Requests to redirect paychecks — rapid changes to payment accounts shortly after onboarding
• Inconsistencies in credentials — certifications or work history that cannot be independently verified

CISA and the FBI maintain guidance on detecting and reporting suspected North Korean IT worker fraud.

References

• The Record — NJ Men Sentenced for North Korean Laptop Farms
• DOJ Press Release
• FBI / CISA Advisory on DPRK IT Workers

Related Reading

• American Duo Sentenced for Hosting Laptop Farms for North
• Iran Deploys
• TA446 Deploys DarkSword iOS Exploit Kit in Targeted