TrendPulse Logo

North Korean IT workers are stealing remote jobs and raking in billions—and Americans are helping them do it

Source: FortuneView Original
businessApril 25, 2026

This month, a federal judge in Massachusetts sentenced Kejia “Tony” Wang, a 42-year-old husband and father from New Jersey, to nine years in prison for spearheading what prosecutors described as an international fraud operation that placed North Korean IT workers in tech jobs at more than 100 American companies—including Fortune 500 firms.

Recommended Video

Over the course of three years, Wang’s network stole the identities of more than 80 Americans, forged fake social security cards and California driver’s licenses with photos of the North Korean operatives, filed false employment forms with the Department of Homeland Security, and doctored tax documents that went to the IRS and Social Security Administration. The scheme, in which the North Koreans got hired using Americans’ stolen identities, generated more than $5 million in salary payments from the victim companies. The subsequent fallout once it was uncovered caused at least $3 million in legal fees and computer clean-up costs at businesses in 28 states and the District of Columbia, court records show. Another participant in the scheme, Zhenxing Wang, 39—no relation to Kejia Wang, but a friend since both men arrived from China nearly 20 years ago—was sentenced to nearly eight years in prison. The court ordered both to forfeit $600,000, collectively, that they were paid from their part in the fraud.

The Wang prison terms bring the number of Americans convicted for aiding North Korean leader Kim Jong Un’s government to at least seven since last year. The group includes a former active-duty U.S. Army soldier, an Arizona woman, a nail technician from Maryland, and two men from California. All earned thousands of dollars for helping North Koreans collect millions in salary for doing remote IT jobs. The wave of sentencing began in 2025 with a guilty plea by Christina Chapman, a 51-year-old woman who cared for 90 laptops in her home while helping her North Korean handlers get jobs at 309 companies, raking in $17.1 million. The salaries are diverted to Kim’s government to pay for nuclear weapons development, officials say.

“North Korea turns around and uses the money it steals through these operations to fund the unlawful development of weapons of mass destruction—nuclear bombs, for example, and ballistic missiles with which to target the United States and our allies,” Jonathan Fritz, principal deputy assistant secretary of state for East Asia Pacific affairs, said at a UN committee meeting on the North Korean fraud scheme in January.

The recent spate of prison terms is meant to be a deterrent to curious Americans who see participating in the scheme as a get-money-quick option, but investigators say this is only the tip of the iceberg when it comes to the U.S. muscle undergirding the fraud scheme. Some American facilitators are sophisticated, some are naive, and others walked away from the scheme years ago. However, involvement in this fraud isn’t casual. American identities are still circulating through the North Korean fraud apparatus after they’ve completely moved on with their lives, investigators say.

The scheme relies on two types of American identities. In the Wang case, they were harvested from background-check databases and attached to forged documents without the real Americans’ knowledge. In others, identities are willingly rented by participants who might go even further by showing up for interviews, accepting laptops, giving urine samples or blood for drug tests, or sitting in offices pretending to work. They take a cut of the salary in exchange for providing cover to the North Korean operators so they can pass as American IT workers. In practice, investigators say, the two categories blur. Some facilitators are unwitting victims while others claim identity theft after the fact. To the North Korean IT workers, both are interchangeable.

The North Korean IT worker scheme, in which operatives get remote tech jobs at U.S. and European companies, is an important part of a broad campaign of malfeasance by the Democratic People’s Republic of Korea (DPRK) that has generated about $2.8 billion in the past two years to help fund the country’s nuclear weapon ambitions, according to the UN’s Multilateral Sanctions Monitoring Committee. The committee, which tracks DPRK sanctions violations and evasion tactics, revealed in January that the scheme has now victimized 40 countries around the globe. A large portion of that total is the result of crypto theft, but the IT worker scheme reliably generates $250 million to $600 million per year in fraudulent salaries, the UN has found.

“North Koreans are taking American jobs, and they’re stealing cryptocurrency from American owners of said cryptocurrency,” said Fritz. “A North Korean IT worker can live in Laos, steal the identity of a Ukrainian online, and then use that identity to defraud a U.S. company into hiring them—often for remote jobs with salaries in the hundreds of thousands of dollars range.”

Artific

North Korean IT workers are stealing remote jobs and raking in billions—and Americans are helping them do it | TrendPulse