Zhenxing Danny Wang and Kejia Tony Wang Sentenced for North Korea IT Worker Scheme

Two Americans were sentenced to prison for their roles in a covert North Korea-linked scheme that prosecutors said generated $5 million for the North Korean regime while placing operatives inside U.S. businesses under false identities.

“Two Americans have been sentenced to years in prison for their roles in a covert scheme that defrauded major US companies while generating $5 million for the North Korean regime, the Justice Department said Wednesday”

CNN

CNN reported that Zhenxing “Danny” Wang, 39, and Kejia “Tony” Wang, 42—both of New Jersey—were alleged middlemen in a conspiracy that defrauded major US companies, with a federal court in Boston sentencing Zhenxing Wang to over seven years in prison and Kejia Wang to nine years in prison.

CNN

TechCrunch similarly said the U.S. Department of Justice announced the sentencing of Kejia Wang and Zhenxing Wang, both New Jersey residents, for helping the North Korean government place remote IT workers in American companies, and it described the scheme as netting North Korea around $5 million.

CyberScoop added that the Justice Department said the U.S. nationals were part of a years-long conspiracy that placed operatives in jobs at more than 100 U.S. companies, including many Fortune 500 companies, based in 27 states and the District of Columbia.

The Register framed the outcome as a combined punishment, saying the Americans who masterminded the fraud were sentenced to “200 months behind bars,” while also stating the pair were jailed for helping North Korea generate $5m through fraudulent IT worker schemes.

Across the coverage, the core mechanism was the use of “laptop farms” or clusters of U.S. company-issued computers that allowed overseas tech workers to connect and appear to be working from within the United States.

Prosecutors described the laptop-farm operation as infrastructure that enabled North Korean IT workers to gain a foothold inside major American companies, including by using U.S.-based computers to draw salaries and, in at least one case, steal export-controlled data.

CNN said the “laptop farms” were “clusters of US company-issued computers” that Wang and Wang allegedly managed from their homes in the US, and it reported that those laptops gave the overseas tech workers a foothold into major American companies to draw salaries and “in one case steal export-controlled data from a California-based defense contractor.”

CyberScoop

TechCrunch likewise said the two were accused of providing infrastructure for the fraudulent scheme, in particular for running or managing so-called “laptop farms” inside the U.S., which allowed North Koreans to connect to the laptops and appear like they were living and working in the country.

CyberScoop added that the conspiracy involved shell companies posing as software development firms, money laundering, and espionage with national security implications, and it said operatives stole sensitive files from a California-based defense contractor related to U.S. military technology controlled under International Traffic in Arms Regulations (ITAR).

Help Net Security described the operation as exposing sensitive corporate data, saying that in one case an overseas participant accessed systems belonging to a US-based defense contractor and obtained technical information, including data subject to export controls under International Traffic in Arms Regulations.

Across these accounts, the scheme’s scale was tied to identity theft and corporate access: CNN said at least 80 US persons had their identity stolen, while CyberScoop said the operatives placed in jobs at more than 100 U.S. companies were based in 27 states and the District of Columbia.

The sentencing coverage tied the laptop-farm infrastructure to identity theft, shell companies, and financial flows designed to make the employment appear legitimate while moving illicit proceeds back to North Korea.

“Dos ciudadanos estadounidenses fueron sentenciados a prisión por ayudar a Corea del Norte a infiltrar trabajadores remotos falsos en compañías de EE”

DiarioBitcoin

CNN said the scheme involved tricking Fortune 500 companies to hire overseas tech workers who stole the identities of various Americans, and it reported that the two men allegedly set up front companies in New Jersey to falsely claim that the tech workers were authorized to work in the US.

CyberScoop specified that the conspiracy placed operatives in jobs at more than 100 U.S. companies, including many Fortune 500 companies, and it said the elaborate scheme involved shell companies posing as software development firms and money laundering.

It also said Kejia Wang, 42, Zhenxing Wang, 39, and their co-conspirators stole the identities of at least 80 U.S. residents and collected at least $696,000 in fees combined, while U.S. victim companies incurred legal fees, remediation costs and other damages and losses exceeding $3 million.

TechCrunch described the payments as “nearly $700,000” for the facilitators’ roles and said the two also created shell companies with financial accounts linked to the fake IT workers to funnel payments amounting to millions of dollars that were later transferred overseas.

CNN further described the revenue destination, saying the $5 million in revenue was “laundered to Chinese accounts controlled by the conspirators, which includes North Korean nationals,” and it said U.S. officials were able to seize tens of thousands of dollars last year, a fraction of the stolen $5 million.

U.S. officials and researchers portrayed the scheme not just as fraud but as a national-security threat that could enable intellectual property theft, network disruption, and other hostile activities.

TechCrunch quoted John A. Eisenberg, the DOJ’s assistant attorney general for National Security, saying, “The ruse placed North Korean IT workers on the payrolls of unwitting U.S. companies and in U.S. computer systems, thereby harming our national security.”

Help Net Security

CyberScoop quoted Michael Barnhart, nation state investigator at DTEX, warning that “DPRK IT workers are not limited to revenue generation,” and it said that “When tasked, they can operationalize their placement and access to support strategic intelligence requirements, including intellectual property theft, network disruption or extortion.”

CyberScoop also quoted Barnhart saying, “Not all IT workers can be hackers but every North Korean hacker can or has been an IT worker,” and it added that “This distinction matters for insider‑threat analysis because unlike typical fraudulent hires motivated by personal financial gain, IT workers can inflict national‑security‑level damage.”

Help Net Security quoted U.S. Attorney Leah B. Foley for the District of Massachusetts, stating, “This case exposes a sophisticated scheme that exploited stolen American identities and US companies to generate millions of dollars for a hostile foreign regime.”

The reporting also described how insider-risk assessments could be bypassed, with CyberScoop saying the front companies “reflect a higher level of tradecraft that exploits a weak spot in insider risk assessments because threats aren’t always a malicious person trying to break into a network,” and it quoted Barnhart: “Sometimes it looks like an entire company appearing clean on paper.”

While the sentencing marked a major enforcement step, the reporting emphasized that the operation was part of a broader pattern and that authorities were still pursuing additional people and related assets.

“Two men from New Jersey have been sentenced to prison for their roles in a scheme that helped North Korean operatives infiltrate U”

Kursiv Media

CNN said the State Department on Wednesday offered up to $5 million for information on several other people allegedly involved in generating revenue for the North Korean regime, and it said the U.S. government has tried to crack down on the schemes while publicly and privately warning companies across the country of the evolving threat from North Korean IT workers.

Kursiv Media

CyberScoop said the sentencing came as part of law enforcement targeting U.S.-based facilitators who provide forged or stolen identities and laptop farms for North Korean operatives, and it said authorities were also seizing cryptocurrency linked to theft.

The Register stated that U.S. authorities were still on the hunt for “a further eight individuals alleged to have participated in the scheme and one North Korean IT worker, all of whom remain at large.”

Tom’s Hardware described a wider enforcement footprint, saying other operations like this have been busted by the U.S. government, including “29 laptop farms across 16 states” uncovered by the Department of Justice in mid-2025.

Help Net Security added that the Justice Department urged companies to strengthen hiring controls, verify worker identities, and monitor unusual login activity, and it warned that hiring processes built for remote work can be exploited when identity checks rely on documents that can be forged or stolen.