(Credit: traffic_analyzer via Getty Images)
A new investigation from the Justice Department has uncovered North Koreans obtaining remote IT jobs at over 100 US companies with the help of people living in the US.
Federal agents also searched 29 known or suspected "laptop farms" in 16 states, which enabled the North Koreans to remotely connect to corporate-issued PCs without entering the US.
"This scheme appears to be more pervasive than ever," a US official told journalists in a briefing. "Many Fortune 500 companies" and a California-based defense contractor have been infiltrated. "Once employed, the North Korean IT workers received regular salary payments, and they gained access to, and in some cases stole, sensitive employer information such as export controlled US military technology and virtual currency," the Justice Department added.
Federal investigators have uncovered previous schemes from North Koreans to trick US employers into hiring them as remote workers. But Monday’s announcement underscores how widespread the threat has become, despite a crackdown in January.
“Between June 10 and June 17, 2025, the FBI executed searches of 21 premises across 14 states hosting known and suspected laptop farms,” the Justice Department added. “In total, the FBI seized approximately 137 laptops.”
(Credit: ilkaydede via Getty Images)To pull off the scheme, the North Koreans stole the identities of more than 80 US persons. They also received help from at least six people living in the US, including in California and New York. Federal investigators have charged two of those US-based facilitators: Zhenxing “Danny” Wang, and Kejia “Tony” Wang, both of New Jersey, who are US citizens who allegedly conspired with the North Koreans to obtain the jobs.
“Kejia Wang, for example, communicated with overseas co-conspirators and IT workers, and traveled to Shenyang and Dandong, China, including in 2023, to meet with them about the scheme,” the Justice Department says.
The scammers also took ownership of the corporate-issued PCs in the US to prevent the hiring companies from learning that the remote workers were actually based in North Korea. Those PCs made it easy for the North Koreans to remotely access internal data at the companies that hired them, including confidential information, such as computer source code.
One of the unnamed US-based facilitators is "a California resident, an active-duty member of the United States military, and a Secret clearance holder who, in exchange for a fee, hosted US victim company laptops at Individual C's residence and facilitated remote access to the laptops by overseas IT workers.”
Both Kejia and Danny Wang also created shell companies with websites and financial accounts designed to make it look like the North Koreans were affiliated with legitimate US businesses. “In exchange for their services, Kejia Wang, Zhenxing Wang, and the four other US facilitators received a total of at least $696,000 from the IT workers,” the Justice Department said.
Danny Wang has been arrested; Kejia's whereabouts are unknown. As part of Monday’s announcement, the Justice Department identified and charged a group of North Koreans, along with Chinese nationals, who were involved in the scheme. In addition, two Taiwanese nationals were charged for setting up bank accounts involved in the alleged money laundering. The scheme’s goal was to generate funds for their North Korean regime, which continues to face sanctions from the US and other western governments.