This month, Kejia “Tony” Wang, a 42-year-old from New Jersey, received a nine-year prison sentence from a federal judge in Massachusetts for leading an extensive international fraud operation. Prosecutors noted the scheme facilitated the placement of North Korean IT workers into tech jobs at over 100 American companies, including multiple Fortune 500 firms.
Wang’s operation spanned three years and involved the identity theft of more than 80 Americans. The fraudulent activities included forging social security cards and California driver’s licenses with images of North Korean operatives, submitting false employment forms to the Department of Homeland Security, and altering tax documents sent to the IRS and Social Security Administration. The employed North Koreans, using stolen identities, amassed over $5 million in salaries from their victimized companies. The repercussions from the scheme, when it was eventually discovered, inflicted at least $3 million in legal fees and IT clean-up costs across 28 states and the District of Columbia. Another implicated individual, Zhenxing Wang, 39, received nearly eight years in prison; collectively, they were ordered to forfeit $600,000 obtained from the fraud.
The sentencing of the Wangs marks an alarming increase in the number of Americans convicted of aiding North Korean leader Kim Jong Un’s government, totaling at least seven since the previous year. This group includes a variety of individuals, from a former U.S. Army soldier to a nail technician and a woman from Arizona. All were involved in enabling North Koreans to collect substantial salaries for remote IT work. The surge in active cases began in 2025 with Christina Chapman, who garnered considerable attention for her operation that helped North Korean agents secure jobs at 309 companies while earning $17.1 million. Officials claim that the salaries earned through these schemes are diverted back to the North Korean government to finance nuclear weapons development.
At a recent UN committee meeting, Jonathan Fritz, a senior official in East Asia Pacific affairs, highlighted the severity of the situation. “North Korea uses the money it steals through these operations to fund unlawful development of weapons of mass destruction—nuclear bombs, for example, and ballistic missiles,” he stated.
The recent trend of severe prison sentences aims to serve as a deterrent for Americans who might consider participating in these fraudulent schemes. However, investigators warn that this is merely the tip of the iceberg regarding U.S. involvement in the fraud apparatus. The spectrum of American facilitators ranges from the sophisticated to the naive, with many having distanced themselves from the scheme years prior. Yet the identities involved continue to circulate, often without the original owners’ knowledge.
This elaborate fraud scheme relies primarily on two types of American identities. In Wang’s case, identities were harvested from background-check databases and used alongside forged documents. In other instances, participants have willingly rented their identities, often engaging in interviews and even assuming roles within the companies to provide cover for North Korean operatives posing as American IT workers. This complex relationship blurs the lines between victimhood and complicity; some facilitators claim to be victims after the fact.
The North Korean IT worker scheme, where operatives secure remote tech jobs in U.S. and European companies, is part of a larger campaign generating around $2.8 billion in the last two years to support the country’s nuclear ambitions. The scheme has reportedly affected 40 countries worldwide. A significant portion of the revenue originates from cryptocurrency theft, while the IT worker fraud yields between $250 million and $600 million per year.
Fritz noted that North Korean IT workers leverage advanced methods to assume American identities. They might exploit sophisticated technology, including artificial intelligence that can convincingly replicate an American accent during job interviews. Evan Gordenker from Palo Alto Networks described a highly organized system established by the North Korean regime, where gaining employment has become its own objective, facilitated by specialists in resume crafting and interview preparation.
As U.S. governmental priorities have pivoted toward other international concerns such as Venezuela and China, the monitoring of DPRK infiltration could face resource constraints. Investigators like Michael “Barni” Barnhart point out that, while the extent of American facilitators’ involvement varies, many American identities have been exploited in the scheme, even after the individuals cease contact.
Barnhart and an investigative team tracked several American identities on the fringes of this scheme, revealing that some identities still circulate despite signals from law enforcement and cybersecurity firms flagging them as compromised. An operation they set up in 2024 intended to lure DPRK IT workers and their facilitators exposed the lengths to which these schemes go.
During a ruse, a candidate who claimed to be from Austin, Texas, appeared for a live interview but failed to demonstrate local cultural knowledge. Upon further investigation, Barnhart discovered that the candidate, “David,” presented a genuine government-issued ID and successfully passed screening, demonstrating that real Americans are often unwittingly caught up in these fraud schemes.
While Barnhart and his network strive to expose the involvement of such facilitators, they have encountered varying levels of cooperation and knowledge among individuals connected to the scheme. Many, like David and another facilitator, Aaron, deny any wrongdoing, with both claiming to have been victims of identity theft.
Despite the potential for prosecution, many facilitators operate without repercussions, suggesting that the complexity of the scheme may shield them from facing charges. The identities involved in this intricate web of fraud often maintain an active presence, acting as conduits for North Korean operatives while the original identity holders may remain unaware of their ongoing involvement.
Ultimately, this situation highlights significant challenges in distinguishing between victims and conspirators in a scheme that exploits vulnerabilities inherent in the American hiring process. The implications of such fraud span beyond financial costs, affecting the job market and economic opportunities for legitimate workers in the United States. Cybersecurity experts stress the urgent need for reform in hiring practices to prevent further exploitation. The stakes involved are particularly critical, as the roles that North Korean operatives are usurping offer well-paying, flexible job options that would be highly beneficial for vulnerable American workers.
