Unbiased AI-powered news
A Massachusetts federal judge sentenced Kejia “Tony” Wang to nine years in prison for leading a fraud operation that placed North Korean IT workers in jobs at over 100 U.S. companies. The scheme stole identities, forged documents, and generated millions in salaries diverted to North Korea's weapons programs.
reviewjournal.comA federal judge in Massachusetts sentenced Kejia “Tony” Wang, a 42-year-old husband and father from New Jersey, to nine years in prison this month for spearheading an international fraud operation that placed North Korean IT workers in tech jobs at more than 100 American companies, including Fortune 500 firms.
Over three years, Wang’s network stole the identities of more than 80 Americans, forged fake social security cards and California driver’s licenses with photos of the North Korean operatives, filed false employment forms with the Department of Homeland Security, and doctored tax documents that went to the IRS and Social Security Administration.
The scheme generated more than $5 million in salary payments from the victim companies, and the fallout caused at least $3 million in legal fees and computer clean-up costs at businesses in 28 states and the District of Columbia, according to court records.
Zhenxing Wang, 39, a friend of Kejia Wang since both arrived from China nearly 20 years ago, was sentenced to nearly eight years in prison. The court ordered Kejia Wang and Zhenxing Wang to forfeit $600,000 collectively that they were paid from their part in the fraud.
The sentences bring the number of Americans convicted for aiding North Korean leader Kim Jong Un’s government to at least seven since last year.
The group includes a former active-duty U.S. Army soldier, an Arizona woman, a nail technician from Maryland, and two men from California. All earned thousands of dollars for helping North Koreans collect millions in salary for doing remote IT jobs.
The wave of sentencing began in 2025 with a guilty plea by a woman who helped her North Korean handlers get jobs at companies, raking in millions. The salaries are diverted to Kim’s government to pay for nuclear weapons development, officials say. “North Korea turns around and uses the money it steals through these operations to fund the unlawful development of weapons of mass destruction—nuclear bombs, for example, and ballistic missiles with which to target the United States and our allies,” stated Jonathan Fritz, principal deputy assistant secretary of state for East Asia Pacific affairs.
Fritz spoke at a UN committee meeting on the North Korean fraud scheme in January.
The North Korean IT worker scheme, in which operatives get remote tech jobs at U.S. and European companies, is an important part of a broad campaign of malfeasance by the Democratic People’s Republic of Korea (DPRK) that has generated about $2.8 billion in the past two years to help fund the country’s nuclear weapon ambitions, according to the UN’s Multilateral Sanctions Monitoring Committee.
The committee, which tracks DPRK sanctions violations and evasion tactics, revealed in January that the scheme has now victimized 40 countries around the globe. A large portion of that total is the result of crypto theft, but the IT worker scheme reliably generates $250 million to $600 million per year in fraudulent salaries, the UN has found.
“North Koreans are taking American jobs, and they’re stealing cryptocurrency from American owners of said cryptocurrency,” stated Fritz. “A North Korean IT worker can live in Laos, steal the identity of a Ukrainian online, and then use that identity to defraud a U.S. company into hiring them—often for remote jobs with salaries in the hundreds of thousands of dollars range,” Fritz added.
AI converted a North Korean accent into a convincing American-sounding voice during live job interviews, according to Evan Gordenker of cybersecurity firm Palo Alto Networks. Gordenker described this tactic at the UN committee meeting in January. “Your citizens are competing against a mechanized system that has been honed over years of training to exploit how we hire,” Gordenker told delegates at the UN committee meeting in January.
Insider intelligence firm DTEX had 87 North Korean IT workers apply for jobs in recent years, according to Michael “Barni” Barnhart. Barnhart and other investigators set up an operation in 2024 to lure DPRK IT workers and American facilitators. A partner created a front company and posted job listings as part of the 2024 operation.
A candidate applied claiming to hail from Austin, Texas. Barnhart spoke during a DTEX panel in San Francisco in March. A young man named “David” walked into the facility in person, presented a real government-issued ID, signed the paperwork, and passed the screening.
David appeared to be a college student at the time, according to Barnhart. When Barnhart’s operation shipped a company laptop to David in Texas, David said he’d moved and asked that it be routed to Moorhead, Minnesota instead. A man named “Aaron” accepted the package under David’s name in Moorhead, Minnesota.
Aaron set up the laptop and arranged it so a North Korean IT worker could perform the job tasks. Barnhart’s team had digital forensics noting every step of the laptop setup. In June 2025, the FBI announced it had conducted 29 raids across 16 states and seized 21 fraudulent websites that were part of the scheme.
In winter 2026, an investigator colleague texted Barnhart a screenshot showing David and Aaron listed as board members of an American employment company for tech workers. Barnhart’s team has pinpointed a third identity floating around that also goes by “David” but with a different last name.
The person behind all three identities was tied to a single North Korean operative Barnhart and other investigators had been tracking for years.
“North Korean IT worker schemes would not be successful without U.S.-based facilitators,” stated Assistant Attorney General John Eisenberg. Eisenberg made this statement in an April sentencing memo. The facilitators “assist overseas remote IT workers by operating laptop farms, creating fictitious front companies and associated financial accounts, defrauding U.S. companies through the use of false and fake identification documents, and pocketing substantial sums of money for their roles,” according to Eisenberg.
David denied via LinkedIn messages that he ever accepted a laptop on behalf of anyone else and said he was unaware of any employment scheme. David said his identity was stolen and that he has discovered 10 jobs linked to his identity since 2021 when he was 19 years old. David checked his IRS transcripts and noticed tons of W2s dating back to when he was 19 that he never applied for or worked for.
David filled out form 14039 to report identity theft to the IRS and reported it to the FTC. Aaron denied any knowledge of a laptop or North Korean IT worker scheme in an email to Fortune. @FortuneMagazine reported these details, drawing from court records, UN committee findings, and interviews with investigators and participants.
These outlets didn't split into competing frames — coverage was uniform.
azernews.azIranian military spokesperson Brig. Mohammad Akraminia said Tuesday the U.S. must accept Iranian sovereignty over the Strait of Hormuz for shipping to return to prewar levels. President Trump announced the U.S. would resume a naval blockade of Iranian ports the same day.
The IndependentThe World Health Organization said the true number of cases is at least double the official tally. The outbreak declared May 15 has spread to Uganda and prompted expanded treatment capacity in Bunia.
The War ZoneThe U.S. Army will station its ME-11B HADES aircraft fleet and establish its first operational unmanned aerial system battalion at Fort Hood, Texas. The moves consolidate the 116th Military Intelligence Brigade and related units at the Texas installation.