Two citizens from the state of New Jersey in the United States were sentenced by the U.S. Federal Court for conspiracy to commit wire fraud and money laundering for participating in providing "fake remote American employee" identities for IT personnel in North Korea. The total prison term reached 16 years. According to a U.S. Department of Justice report, the two men helped North Korean IT personnel disguise themselves as remote employees living in the United States by operating so-called "laptop farms" to obtain IT positions at multiple U.S. companies. In about three years, the two men earned about $5 million in income for North Korea (officially known as the Democratic People's Republic of Korea, DPRK).
The Justice Department pointed out that the two defendants, named Kejia Wang and Zhenxing Wang, were previously arrested in June 2025 and later pleaded guilty to conspiracy to commit wire fraud and money laundering. The court finally ruled that Wang Kejia was sentenced to 9 years in prison and Wang Zhenxing was sentenced to 7 years and 8 months in prison. After they are released from prison, they will also receive three years of supervised release (similar to probation supervision). In addition, the court ordered the two men to confiscate a total of US$600,000 in illegal gains, which was deemed to be remuneration for providing services to North Korea.
John A. Eisenberg, the Justice Department's assistant attorney general for national security affairs, said in a statement that the two defendants "enriched themselves" for years by assisting North Korea-related actors in fraudulent employment schemes. He pointed out that this "scam" allowed North Korean IT employees to successfully enter the salary list of an unsuspecting American company and obtain legal employee status. They also entered the computer systems of American companies, posing a threat to U.S. national security. Eisenberg emphasized that the Department of National Security will continue to hold accountable all those who assist North Korea in illegally generating income.
The so-called "laptop farms" refer to a group of computers and network access points built by the defendants in the United States to disguise their identities. These devices appear to be work terminals used by ordinary American residents or employees, but are actually remotely controlled by IT personnel in North Korea or other overseas locations to log in to job search platforms, internal company systems and various cloud services. In this way, North Korean IT personnel can behave like "ordinary employees living in the United States" in terms of background checks and daily work behaviors, thereby bypassing compliance reviews by U.S. companies and various sanctions against North Korea.
According to past public reports and official U.S. assessments, North Korea has vigorously developed a so-called "overseas IT labor" network in recent years, trying to earn large amounts of foreign exchange by exporting software development, system maintenance, application development and other services to overseas companies. These workers usually enter the global remote work market by borrowing third countries or false identities to circumvent sanctions imposed on North Korea by the United Nations and the United States. In this case, the role played by the two American citizens was to provide technical and geographical "landing" for these disguised identities to enhance their credibility among American companies.
In this case, prosecutors believe that the two defendants clearly understood that they were assisting countries sanctioned by the United States to obtain income, and helped hide the source of funds and ultimate beneficiaries through complex fund flow arrangements, thereby committing the crime of money laundering. The Department of Justice stressed that any person or institution who helps the North Korean government or its agents circumvent U.S. sanctions, obtain U.S. dollars, or access U.S. financial and technology systems may face severe criminal charges and asset recovery.
This case also reflects the new challenges in security control of remote working and cross-border outsourcing: after global remote working has become normalized, behind a seemingly ordinary "online colleague" may be a network structure that seriously violates international sanctions and even threatens national security. U.S. law enforcement agencies stated that they will continue to monitor and crack down on technologies and services similar to "fake remote work" and "identity disguise" to prevent them from becoming new channels for sanctioned countries and organizations to obtain funds and penetrate critical systems.