About

North Korean Laptop Farms Enable $5M Identity Fraud Scheme Posing as U.S. Remote Workers

Published
Score
16

Why it matters

The Department of Justice announced the sentencing of two U.S. nationals for operating a multiyear scheme that deployed North Korean IT workers under stolen American identities to infiltrate over 100 U.S. companies. Kejia Wang, 42, and Zhenxing Wang, 39, used at least 80 fraudulent identities to secure remote positions across the corporate sector, generating more than $5 million in illicit revenue for the DPRK regime. The operation relied on "laptop farms"—physical U.S.-based facilities hosting computers that allowed overseas workers to bypass location-based security checks, making employers believe they were hiring domestically based remote staff.

The infiltration campaign compromised more than 300 U.S. companies between 2020 and 2024 and has now expanded into European markets. North Korea has systematized this operation as a state-backed effort combining stolen identities, generative AI, and support networks to evade sanctions and generate hard currency. The full scope of the scheme and the extent of data exfiltration remain unclear, as does the precise technical infrastructure supporting the laptop farms across U.S. jurisdictions.

Attorneys should treat this as a material shift in hiring security protocols. The sentencing signals active federal enforcement, but the rapid geographic expansion suggests the threat is accelerating faster than detection. Companies should implement continuous identity verification beyond initial onboarding, including live video verification and cross-checks to prevent proxy access through intermediaries. For in-house counsel, this underscores that remote hiring now carries national security compliance implications alongside standard employment vetting.

Sources

mail Subscribe to Privacy email updates

Primary sources. No fluff. Straight to your inbox.

Also on LawSnap