Two American citizens have been sentenced to federal prison for orchestrating a complex scheme that supported North Korean cyber operations. The fraud targeted over 100 U.S. companies and generated illicit revenues exceeding $5 million, which were funneled to support the Democratic People’s Republic of Korea (DPRK) and its weapons development programs.
Details of the Sentencing
Kejia Wang, aged 42, was sentenced to 108 months, while Zhenxing Wang, 39, received a 92-month sentence. Both individuals admitted to conspiracy charges that included wire fraud, money laundering, and identity theft. The U.S. Department of Justice (DOJ) revealed that the pair operated physical sites within the United States that hosted company laptops, effectively disguising the true locations of North Korean IT operatives.
Modus Operandi of the Laptop Farm
Active from 2021 to October 2024, this multi-year operation relied on identity theft and technical deception to infiltrate major U.S. corporations, even reaching several Fortune 500 companies. The conspirators misappropriated the identities of more than 80 U.S. citizens to secure remote IT roles. To create a facade of legitimacy, they established shell companies like Hopana Tech LLC and Independent Lab LLC to launder the proceeds.
These fictitious companies had no actual employees but served as channels to move millions overseas. In exchange for their role in this scheme, the U.S.-based operators retained approximately $700,000. The consequences of this operation extended beyond financial damage, posing significant threats to U.S. national security.
Technical Aspects and National Security Threats
The DOJ highlighted several technical tactics used in the scheme. Among them was the use of Keyboard-Video-Mouse (KVM) switches, which allowed North Korean workers to remotely control U.S. company laptops while appearing to log in from domestic IP addresses. This unauthorized access led to breaches of sensitive employer networks and proprietary source code repositories.
In early 2024, operatives breached a California-based defense contractor, exfiltrating technical data governed by the International Traffic in Arms Regulations (ITAR). This breach underscores the national security implications of the operation.
This significant sentencing is part of the DOJ’s broader “DPRK RevGen: Domestic Enabler Initiative.” Following raids in various states, federal agents seized numerous laptops, remote access devices, and web domains associated with the shell companies. Concurrently, the U.S. Department of State announced a $5 million reward for information leading to the capture of eight additional fugitives linked to this scheme.
The FBI and Homeland Security Investigations urge organizations to remain vigilant against remote worker fraud, emphasizing the importance of cybersecurity in safeguarding national interests.
