Two North Korean IT Worker Scheme Facilitators Jailed in the US

Two US nationals were jailed this week for their roles in North Korean IT worker schemes that caused millions in damages to US companies. The individuals, Kejia Wang, 42, of Edison, New Jersey, and Zhenxing Wang, 39, of New Brunswick, New Jersey, were charged in June 2025, when the US stormed 29 laptop farms across 16 states. According to court documents, between 2021 and 2024, the two individuals and their co-conspirators compromised the identities of more than 80 people in the US and used them to land jobs at over 100 companies. The scheme generated over $5 million in illegal proceeds for the North Korean government and caused losses of more than $3 million to the victim companies. Kejia Wang, the documents show, supervised at least five US facilitators that ran laptop farms hosting hundreds of laptops from US victim companies. Zhenxing Wang was one of these facilitators. The facilitators hosted the laptops at their residences and connected them to devices that allowed overseas workers to access them remotely, so they could pose as IT workers based in the US. The documents presented in court also show that the two created multiple shell companies to make it look as if the overseas workers were affiliated with US-based companies. However, these businesses had no employees, and their financial accounts received millions in payments from the victim companies. Most of the funds were transferred overseas to the co-conspirators. The two, along with four other US-based facilitators, received roughly $700,000 for their participation in the scheme. Kejia Wang and Zhenxing Wang were sentenced to 108 and 92 months in prison, respectively, and ordered to forfeit a total of $600,000 in illegal proceeds. Kejia Wang was also ordered to pay over $29,000 in restitution. Nine other individuals indicted in relation to the scheme remain at large, and the US has announced a reward of up to $5 million for information leading to their arrest. The individuals are Xu Yongzhe, Huang Jingbin, Tong Yuze, Zhou Baoyu, Yuan Ziyou (Samuel Yuan), Zhou Zhenbang, Liu Menting, Liu Enchia, and Song Min Kim (also known as Chengmin Jin). Related: North Korean Hackers Target High-Profile Node.js Maintainers Related: North Korean Hackers Drain $285 Million From Drift in 10 Seconds Related: Polyfill Supply Chain Attack Impacting 100k Sites Linked to North Korea Related: Ukrainian Gets 5 Years in US Prison for Aiding North Korean IT Fraud WRITTEN BY Ionut Arghire Ionut Arghire is an international correspondent for SecurityWeek. More from Ionut Arghire Artemis Emerges From Stealth With $70 Million in Funding Splunk Enterprise Update Patches Code Execution Vulnerability NIST Prioritizes NVD Enrichment for CVEs in CISA KEV, Critical Software Cisco Patches Critical Vulnerabilities in Webex, ISE Ransomware Hits Automotive Data Expert Autovista Capsule Security Emerges From Stealth With $7 Million in Funding 100 Chrome Extensions Steal User Data, Create Backdoor Mirax RAT Targeting Android Users in Europe Latest News In Other News: Satellite Cybersecurity Act, $90K Chrome Flaw, Teen Hacker Arrested Another DraftKings Hacker Sentenced to Prison Lawmakers Gathered Quietly to Talk About AI. Angst and Fears of ‘Destruction’ Followed Recent Apache ActiveMQ Vulnerability Exploited in the Wild ZionSiphon Malware Targets ICS in Water Facilities Cursor AI Vulnerability Exposed Developer Devices 53 DDoS Domains Taken Down by Law Enforcement Government Can’t Win the Cyber War Without the Private Sector Trending Webinar: A Step-By-Step Approach To AI Governance April 28, 2026 With "Shadow AI" usage becoming prevalent in organizations, learn how to balance the need for rapid experimentation with the rigorous controls required for enterprise-grade deployment. Register Virtual Event: Threat Detection And Incident Response Summit May 20, 2026 Delve into big-picture strategies to reduce attack surfaces, improve patch management, conduct post-incident forensics, and tools and tricks needed in a modern organization. Register People on the Move ThreatModeler has appointed Kevin Gallagher as Chief Executive Officer. Thomas Bain has been appointed Chief Marketing Officer at Silent Push. The United States Department of War appointed David Vaughn as Technical Advisor for Data Infrastructure. More People On The Move Expert Insights Government Can’t Win The Cyber War Without The Private Sector Securing national resilience now depends on faster, deeper partnerships with the private sector. (Steve Durbin) The Hidden ROI Of Visibility: Better Decisions, Better Behavior, Better Security Beyond monitoring and compliance, visibility acts as a powerful deterrent, shaping user behavior, improving collaboration, and enabling more accurate, data-driven security decisions. (Joshua Goldfarb) The New Rules Of Engagement: Matching Agentic Attack Speed The cybersecurity response to AI-enabled nation-state threats cannot be incremental. It must be architectural. (Nadir Izrael) The Next Cybersecurity Crisis Isn’t Breaches—It’s Data You Can’t Trust Data integrity shouldn’t be seen only through the prism of a technical concern but also as a leadership issue. (Steve Durbin) Why Agentic AI Systems Need Better Governance – Lessons From OpenClaw Agentic AI platforms are shifting from passive recommendation tools to autonomous action-takers with real system access, (Etay Maor) Flipboard Reddit Whatsapp Email