Two U.S. Nationals Sentenced for Running Laptop Farm for DPRK Remote Workers

Two American nationals have been sentenced to federal prison for operating a sophisticated “laptop farm” scheme.

The operation successfully infiltrated over 100 U.S. companies, generating more than $5 million in illicit revenue to fund the Democratic People’s Republic of Korea (DPRK) and its weapons programs.

Kejia Wang, 42, received a 108-month prison sentence, while his co-conspirator, Zhenxing Wang, 39, received a 92-month sentence. Both individuals pleaded guilty to conspiracy charges involving wire fraud, money laundering, and identity theft.

According to federal prosecutors, the duo managed physical locations in the U.S. to host company-issued laptops, masking the true overseas locations of North Korean IT workers.

This sentencing is part of a massive ongoing nationwide crackdown on similar DPRK fraud networks.

The Laptop Farm Modus Operandi

The multi-year operation, active between 2021 and October 2024, relied heavily on identity theft and technical deception.

The perpetrators compromised the identities of more than 80 U.S. citizens to secure remote IT roles at major American corporations, including several Fortune 500 companies.

To create the illusion of legitimate domestic operations, the Wangs established multiple shell companies such as Hopana Tech LLC and Independent Lab LLC to launder the illicit salaries.

These phantom entities had no real employees but served as financial conduits to funnel millions of dollars to overseas co-conspirators.

In return for their facilitation, the U.S.-based operators kept nearly $700,000. The infiltration extended beyond financial fraud, posing severe risks to U.S. national security.

According to the DOJ, the scheme resulted in critical data breaches and at least $3 million in remediation costs.

Key technical details of the compromise include:

• KVM Switch Exploitation: The operators connected victim companies’ laptops to Keyboard-Video-Mouse (KVM) switches, enabling overseas workers to remotely access the devices while appearing to log in from U.S. residential IP addresses.
• Source Code Theft: Unauthorized remote access granted North Korean operatives entry into sensitive employer networks and proprietary source code repositories.
• ITAR Data Exfiltration: In early 2024, overseas actors successfully breached a California-based defense contractor, stealing artificial intelligence technical data explicitly controlled under the International Traffic in Arms Regulations (ITAR).

This sentencing represents a major milestone in the DOJ’s “DPRK RevGen: Domestic Enabler Initiative.” Following raids across multiple states, federal agents seized dozens of laptops, remote access devices, and web domains tied to the shell companies.

Simultaneously, the U.S. Department of State announced a $5 million reward for information leading to the disruption of eight additional fugitive co-conspirators involved in the financial mechanisms supporting this DPRK scheme.

The FBI and Homeland Security Investigations emphasize that organizations must remain vigilant against remote worker fraud.

Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.