The “Laptop Farm” Fallout: Two NJ Men Sentenced for Facilitating $5M North Korean Work Scheme
Ddos 
In what federal prosecutors are calling a sophisticated strike against national security, two New Jersey residents have been sentenced to significant prison terms for running a “laptop farm” that allowed North Korean IT workers to infiltrate over 100 U.S. companies.
The scheme, which operated from 2021 until late 2024, exploited the stolen identities of at least 80 Americans and funneled more than $5 million in illicit revenue to the Democratic People’s Republic of Korea (DPRK).
U.S. District Court Judge Nathaniel M. Gorton handed down the sentences this week in the District of Massachusetts, signaling a zero-tolerance policy for those aiding foreign adversaries from within U.S. borders.
| Defendant | Residence | Sentence | Key Charges |
| Kejia Wang (42) | Edison, NJ | 108 Months | Wire fraud, money laundering, and identity theft conspiracy. |
| Zhenxing Wang (39) | New Brunswick, NJ | 92 Months | Wire fraud and money laundering conspiracy. |
In addition to prison time, the duo must serve three years of supervised release and forfeit $600,000. Kejia Wang was also ordered to pay nearly $30,000 in restitution.
The technical core of the fraud relied on physical hardware located in New Jersey residences. The defendants served as the U.S.-based infrastructure providers, ensuring that North Korean workers located overseas appeared to be logging in from local American IP addresses.
To achieve this, the facilitators used Keyboard-Video-Mouse (KVM) switches. These hardware devices allowed the overseas IT workers to remotely control laptops provided by unwitting U.S. employers as if they were sitting right in front of them.
“By operating so-called ‘laptop farms,’ these defendants enabled overseas actors to infiltrate U.S. businesses, access sensitive data and undermine our economic and national security,” said U.S. Attorney Leah B. Foley.
To bypass corporate vetting and financial monitoring, the Wangs created a series of shell companies with no legitimate operations:
- Hopana Tech LLC
- Tony WKJ LLC
- Independent Lab LLC
These entities allowed the North Korean actors to appear as legitimate U.S.-based contractors. The financial accounts tied to these shells received millions of dollars in salary payments, much of which was subsequently laundered and transferred to overseas co-conspirators.
The risk wasn’t merely financial. Because these workers were embedded in U.S. computer systems, they gained access to highly sensitive proprietary information.
The DOJ revealed that one North Korean worker gained access to International Traffic in Arms Regulations (ITAR) data from a California-based defense contractor specializing in Artificial Intelligence-powered equipment. Between January and April 2024, the co-conspirator remotely accessed files containing restricted technical data.
While the New Jersey facilitators are now behind bars, the battle is far from over. Eight other defendants indicted in June 2025 remain at large. The State Department’s Rewards for Justice program is currently offering up to $5 million for information leading to the disruption of these financial mechanisms.
Support Our Threat Intelligence
If you find our CVE report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
