DOJ Sentences Two U.S. Nationals for North Korean IT Worker Fraud Scheme
Summary
On April 15, 2026, DOJ announced that two U.S. nationals, Kejia Wang and Zhenxing Wang, were sentenced to 108 and 92 months respectively for facilitating a North Korean IT worker scheme that compromised over 80 U.S. identities and victimized more than 100 U.S. companies. The defendants operated 'laptop farms' using stolen identities, enabling North Korean actors to infiltrate company systems with access to sensitive data, including ITAR-controlled data. The scheme netted over $5M for the North Korean government between 2021 and 2024. Eight indicted co-conspirators remain at large with a $5M reward announced.
What changed
DOJ secured prison sentences of 108 and 92 months for Kejia Wang and Zhenxing Wang, respectively, with supervised release and forfeiture orders. The defendants operated 'laptop farms' and used the stolen identities of over 80 U.S. citizens so that co-conspirators posing as remote workers could obtain employment at more than 100 U.S. companies. The companies then shipped laptops to the laptop farms, where the operators allowed remote access to the devices, enabling infiltration of company systems and access to sensitive data, including ITAR-controlled data. The scheme netted over $5M for the North Korean government.
Organizations that hire remote IT workers should review identity-verification procedures and monitor for signs of laptop farm schemes given that eight co-conspirators remain at large. Microsoft Threat Intelligence warned on March 6, 2026 that operatives are using AI to accelerate creation of fake identities, heightening the threat to employers.
Archived snapshot
Apr 25, 2026: GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.
April 24, 2026
DOJ’s Big Win in North Korean IT Worker Fraud Scheme
Linn Freedman, Robinson+Cole Data Privacy + Security Insider
On April 15, 2026, the Department of Justice (DOJ) announced that two U.S. nationals, Kejia Wang and Zhenxing Wang, were sentenced for facilitating a North Korean IT worker scheme that compromised over 80 U.S. identities, with sentences of 108 and 92 months respectively, supervised release, and forfeiture orders.
The scheme involved the defendants operating “laptop farms” and using the stolen identities of over 80 legitimate U.S. citizens, with co-conspirators posing as remote workers to obtain employment at more than 100 U.S. companies. Once the stolen identities were used to obtain employment, the unsuspecting company would send a company laptop to the “new employee” at the laptop farm. Once the laptop was received, the operators of the laptop farms would allow remote access to the devices, enabling North Korean actors to infiltrate the companies’ systems with access to sensitive data, including ITAR-controlled data. The scheme netted over $5M for the North Korean government, considered by the DOJ as a “hostile foreign regime.”
The scheme took place between 2021 and 2024. One of the defendants served as “the U.S.-based manager for the scheme, supervising at least five facilitators in the United States who collectively hosted hundreds of computers of U.S. victim companies at their residences.”
Eight indicted co-conspirators remain at large, with a $5M reward announced for information leading to disruption of DPRK financial mechanisms; previous seizures of domains and accounts occurred in June and October 2025.
KnowBe4 was one of the first companies to alert others about the scheme in its July 23, 2025 blog, stating,
“First of all: No illegal access was gained, and no data was lost, compromised, or exfiltrated on any KnowBe4 systems. This is not a data breach notification, there was none. See it as an organizational learning moment I am sharing with you. If it can happen to us, it can happen to almost anyone. Don’t let it happen to you.”
The blog is extremely helpful in understanding how the scheme worked and how over 100 U.S. companies fell victim to it. It also illustrates how sophisticated and devious foreign adversaries are in obtaining money to use against the U.S.
Although these two defendants have been sentenced, the North Korean worker scheme continues to be operated by others and is still a threat. As recently as March 6, 2026, Microsoft Threat Intelligence sent a warning that the operatives are now using AI to shorten the time it takes them to create fake identities to start the scheme. Companies should continue to be on the alert for remote worker fraud schemes and implement policies and procedures to prevent becoming victimized.
About this page
Source document text, dates, docket IDs, and authority are extracted directly from Robinson+Cole.
The summary, classification, recommended actions, deadlines, and penalty information are AI-generated from the original text and may contain errors. Always verify against the source document.