BREAKING NEWS – Kejia Wang, the 42-year-old U.S. national from Edison, New Jersey, has been sentenced to 108 months (nine years) in prison for his central role in a sophisticated multi-year scheme that funneled over $5 million in illicit revenue to the North Korean government. The sentencing, handed down on Monday, April 20, 2026, by U.S. District Court Judge Nathaniel M. Gorton, marks a significant victory for the U.S. Department of Justice in its efforts to disrupt North Korea’s illicit funding mechanisms.
Wang, also known as “Tony Wang,” pleaded guilty to conspiracy to commit wire fraud, conspiracy to commit money laundering, and conspiracy to commit identity theft. The elaborate operation allowed North Korean IT workers to fraudulently secure remote employment at more than 100 U.S. companies, including numerous Fortune 500 firms and a defense contractor, ultimately generating funds believed to support North Korea’s weapons programs.
The Charges Against Kejia Wang
Kejia Wang’s conviction stems from his leadership of a complex criminal enterprise that ran from approximately 2021 until its unraveling in October 2024. The scheme involved using stolen identities of at least 80 U.S. persons to bypass employment background checks and secure highly paid remote IT positions for North Korean workers. Wang and his co-conspirators established shell companies, including Hopana Tech LLC, Tony WKJ LLC, and Independent Lab LLC, complete with fabricated financial accounts and websites, to create the illusion that the overseas workers were legitimate U.S. employees. These shell entities had no actual operations or staff.
Wang supervised at least five in-country facilitators, including Zhenxing Wang, who hosted hundreds of company-issued laptops at their residences. These facilitators enabled North Korean workers to remotely access the laptops using KVM (keyboard-video-mouse) switches, making it appear as though the workers were physically present in the United States. Further demonstrating his orchestrating role, Kejia Wang traveled to Shenyang and Dandong, China, in 2023 to meet with overseas actors, including a former classmate he knew was from North Korea, to coordinate the illicit activities.
Scale of the Deception: Millions Funneled to North Korea
The financial impact of Kejia Wang’s scheme is staggering. The operation generated over $5 million in illicit revenue that was directly funneled to the North Korean government. Beyond this, U.S. victim companies suffered at least $3 million in losses, encompassing legal fees, network remediation costs, and other damages. The targeted companies included many Fortune 500 firms and a California-based defense contractor, leading to unauthorized access to sensitive employer data, including technical data controlled under the International Traffic in Arms Regulations (ITAR).
For their direct involvement, Kejia Wang, Zhenxing Wang, and four other U.S. facilitators collectively pocketed nearly $700,000. Judge Gorton ordered Kejia Wang and Zhenxing Wang to forfeit a combined $600,000 in proceeds, with $400,000 already recovered. Kejia Wang was also ordered to pay $29,236.03 in restitution to the victims.
Who Is Kejia Wang?
Kejia Wang, a 42-year-old U.S. citizen residing in Edison, New Jersey, served as the U.S.-based manager of this sophisticated fraudulent operation. His role was pivotal in establishing the infrastructure and managing the logistics that enabled the North Korean IT workers to operate undetected for years. While details about his professional background outside of this scheme are limited, his actions demonstrate a deep understanding of corporate hiring processes and technological vulnerabilities.
Investigation Details: A Multi-Agency Breakthrough
The conviction of Kejia Wang is the culmination of a multi-year, intensive investigation by federal law enforcement agencies. The FBI Las Vegas Field Office, the Defense Criminal Investigative Service (DCIS) San Diego Resident Agency, and Homeland Security Investigations (HSI) San Diego Field Office led the charge. The fraud was uncovered in October 2024, when federal authorities executed searches at eight locations across three states, recovering over 70 laptops and remote access devices. The FBI also seized four web domains associated with Kejia Wang’s and Zhenxing Wang’s shell companies.
Kejia Wang was initially charged in an information unsealed in June 2025 and subsequently pleaded guilty in the District of Massachusetts in September 2025. He was indicted alongside eight other individuals who are believed to be outside the United States and remain at large. This case falls under the Justice Department’s DPRK RevGen: Domestic Enabler Initiative, which prioritizes targeting and disrupting North Korea’s illicit revenue generation schemes and its U.S.-based enablers.
“This complex scheme highlights the persistent and evolving threat posed by foreign adversaries attempting to exploit vulnerabilities in our economic and technological infrastructure for illicit gain,” stated a spokesperson for the U.S. Department of Justice.
What Happens Next: Years Behind Bars and Ongoing Vigilance
With Kejia Wang sentenced to nine years in federal prison, followed by three years of supervised release, a significant figure in this illicit network has been brought to justice. However, the ongoing investigation into the eight other indicted individuals who remain at large suggests that the U.S. government’s efforts to dismantle this network are far from over. The forfeiture and restitution orders aim to recover some of the stolen funds and compensate the victims, but the broader implications for national security and corporate cybersecurity remain a critical concern. Related fraud investigations are continuously being pursued by federal agencies.
Protecting Yourself: Recognizing the Red Flags
The U.S. government has issued numerous advisories to warn companies about the tactics employed by North Korean IT workers and their enablers. These advisories, from agencies including the FBI, Department of the Treasury, Department of State, and the Office of the Director of National Intelligence, highlight several red flags that could have prevented this costly fraud.
Companies should be wary of job applicants or contractors who use U.S.-based LLCs to create the appearance of legitimate employment, especially when a U.S. person and address are paired with a front company to create the illusion of a domestic effort. The use of “laptop farms” and KVM switches to enable remote access while masking the true location of workers is another critical indicator. These front companies are designed to exploit weaknesses in insider risk assessments, often appearing legitimate on paper. Businesses are urged to review their hiring and onboarding processes, implement robust identity verification, and enhance their cybersecurity protocols to detect and prevent such sophisticated infiltration attempts.




