Two U.S. nationals have been sent to prison for helping North Korean remote information technology (IT) workers to pose as U.S. residents and get hired by over 100 companies across the country, including many Fortune 500 firms.
42-year-old Kejia Wang and 39-year-old Zhenxing Wang were charged in June 2025 following a coordinated law enforcement action against the Democratic People’s Republic of Korea (DPRK) government’s fundraising operations led by the U.S. Department of Justice (DoJ).
According to court documents, between 2021 and October 2024, the two generated more than $5 million in illicit revenue for the DPRK’s government and an estimated $3 million in financial damages to companies that hired North Korean workers who were using the stolen identities of more than 80 U.S. citizens.
As part of their scheme, they created financial accounts, fake websites, and multiple shell companies (e.g., Tony WKJ LLC, Hopana Tech LLC, Independent Lab LLC) to make it appear that DPRK workers were affiliated with legitimate U.S. businesses and collect payments.
Zhenxing Wang also hosted company-issued laptops in homes across the United States to help remote North Korean IT workers access the companies’ networks without raising suspicion.
“For years, the defendants enriched themselves by assisting North Korean actors in a fraudulent scheme to gain employment with U.S. companies,” said Assistant Attorney General for National Security John A. Eisenberg. “The ruse placed North Korean IT workers on the payrolls of unwitting U.S. companies and in U.S. computer systems, thereby harming our national security.”
Nine other defendants linked to the same scheme, who were also charged in June 2025, remain at large. The U.S. State Department has announced a reward of up to $5 million for information on the suspects, which can help disrupt illicit activities that support North Korea’s weapons of mass destruction (WMD) program.
Kejia Wang was sentenced to 108 months in prison after pleading guilty to his role in the scheme in September 2025, and Zhenxing Wang to 92 months after pleading guilty in January 2026 to conspiracy to commit money laundering and conspiracy to commit wire fraud.
In February, Ukrainian national Oleksandr Didenko, who pleaded guilty in November 2025 to wire fraud conspiracy and aggravated identity theft, was also sentenced to five years in prison for providing DPRK IT workers with stolen identities that helped them infiltrate U.S. companies.
The FBI has been warning about North Korean threat actors impersonating U.S.-based IT staff since at least 2023.
As the FBI also repeatedly noted, the DPRK maintains a large army of thousands of IT workers who use stolen identities to secure employment with hundreds of American companies.
Automated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the other.
This whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic questions for any tool evaluation.
