US Nationals Behind DPRK IT Worker 'Laptop Farm' Sent to Prison

Security Reporter

Two Americans received prison sentences for running a scheme that helped North Korean IT workers infiltrate U.S. companies using stolen identities and fake credentials.

Two U.S. nationals have been sentenced to prison for their roles in a sophisticated scheme that enabled North Korean IT workers to infiltrate American companies by posing as U.S. residents. The operation, which generated millions in illicit revenue for the North Korean government, highlights the ongoing threat of state-sponsored cyber operations targeting the U.S. tech sector.

The Scheme and Its Scale

Kejia Wang, 42, and Zhenxing Wang, 39, ran what authorities describe as a "laptop farm" between 2021 and October 2024. During this period, they helped North Korean IT workers secure employment with over 100 companies across the United States, including numerous Fortune 500 firms.

The defendants created an elaborate infrastructure to support their scheme, establishing financial accounts, fake websites, and multiple shell companies including Tony WKJ LLC, Hopana Tech LLC, and Independent Lab LLC. These entities were designed to make it appear that North Korean workers were affiliated with legitimate U.S. businesses.

Zhenxing Wang went further by hosting company-issued laptops in homes across the United States, allowing remote North Korean IT workers to access corporate networks without raising suspicion. This physical presence of equipment within U.S. borders helped bypass security measures that might flag foreign IP addresses or unusual login patterns.

Financial Impact and National Security Implications

The operation generated more than $5 million in illicit revenue for the DPRK government while causing an estimated $3 million in financial damages to companies that unknowingly hired these workers. The scheme exploited the identities of more than 80 U.S. citizens, creating fake documentation including driver's licenses and Social Security cards.

Assistant Attorney General for National Security John A. Eisenberg emphasized the national security implications: "The ruse placed North Korean IT workers on the payrolls of unwitting U.S. companies and in U.S. computer systems, thereby harming our national security."

This case represents a significant escalation in North Korea's use of IT workers as a revenue stream. The FBI has been warning about this threat since at least 2023, noting that the DPRK maintains a large army of thousands of IT workers who use stolen identities to secure employment with hundreds of American companies.

The Sentences

Kejia Wang received a sentence of 108 months (nine years) in prison after pleading guilty in September 2025. Zhenxing Wang was sentenced to 92 months (approximately seven years and eight months) after pleading guilty in January 2026 to conspiracy to commit money laundering and conspiracy to commit wire fraud.

In a related case, Ukrainian national Oleksandr Didenko was sentenced to five years in prison in February 2026. Didenko pleaded guilty in November 2025 to wire fraud conspiracy and aggravated identity theft for providing North Korean IT workers with stolen identities that facilitated their infiltration of U.S. companies.

Ongoing Investigation

Nine other defendants linked to the same scheme remain at large after being charged in June 2025. The U.S. State Department has announced a reward of up to $5 million for information leading to their arrest, specifically targeting information that could help disrupt illicit activities supporting North Korea's weapons of mass destruction program.

This case underscores the sophisticated methods employed by state-sponsored actors to circumvent sanctions and generate revenue through cybercrime. The use of American nationals to facilitate these operations demonstrates the complex networks that North Korea has developed to access the global tech economy despite international restrictions.

The sentencing of these individuals sends a clear message about the serious consequences of participating in schemes that compromise U.S. national security, even when operating at arm's length from the primary threat actors. As companies continue to embrace remote work arrangements, the need for robust identity verification and security measures has never been more critical.
