June 30: 9 individuals were indicted in Boston, including 1 Chinese American, 6 
nationals and 2 
nationals, in connection with a scheme to generate revenue for North Korea’s weapons of mass destruction programs. The scheme involved the dispatchment of skilled IT workers who, using stolen identities of US persons, posed as domestic workers to obtain remote IT jobs with US companies, including several Fortune 500 companies and a defense contractor.
The following defendants have been indicted for their roles in the scheme, which generated at least $5M in revenue for North Korea:
national Zhenxing “Danny” Wang
nationals Jing Bin Huang (黄靖斌), Baoyu Zhou (周宝玉), Tong Yuze (佟雨泽), Yongzhe Xu (徐勇哲 andيونجزهي أكسو) currently residing in the UAE, Ziyou Yuan (زيو) currently residing in the UAE and Zhenbang Zhou (周震邦)
nationals Mengting Liu (劉孟婷) and Enchia Liu (刘恩嘉)
Zhenxing Wang was arrested in New Jersey earlier today. An accomplice Kejia “Tony” Wang remains at large.
From ~2021 to Oct 2024, the defendants and other co-conspirators compromised the identities of more than 80 US persons to obtain remote jobs at more than 100 US companies, and caused US victim companies to incur legal fees, computer network remediation costs, and other damages and losses of at least $3M. Overseas IT workers were assisted by Kejia Wang, Zhenxing Wang and at least 4 other identified US facilitators. Kejia Wang, for example, communicated with overseas co-conspirators and IT workers, and traveled to Shenyang and Dandong, China, including in 2023, to meet with them about the scheme. To deceive US companies into believing the IT workers were located in the US, Kejia Wang, Zhenxing Wang and the other US facilitators received and/or hosted laptops belonging to US companies at their residences, and enabled overseas IT workers to access the laptops remotely by, among other things, connecting the laptops to hardware devices designed to allow for remote access (KVM switches).
Kejia Wang and Zhenxing Wang also created shell companies with corresponding websites and financial accounts, including Hopana Tech LLC, Tony WKJ LLC, and Independent Lab LLC, to make it appear as though the overseas IT workers were affiliated with legit US businesses. They established these and other financial accounts to receive money from victimized US companies, much of which was subsequently transferred to overseas co‑conspirators. In exchange for their services, Kejia Wang, Zhenxing Wang, and the four other US facilitators received a total of at least $696K from the IT workers.
IT workers employed under this scheme also gained access to sensitive employer data and source code, including International Traffic in Arms Regulations (ITAR) data from a California-based defense contractor that develops AI-powered equipment and technologies. Specifically, between ~Jan 19, 2024 and ~Apr 2, 2024, an overseas co-conspirator remotely accessed without authorization the company’s laptop and computer files containing technical data and other information. The stolen data included information marked as being controlled under the ITAR.
The FBI and Defense Criminal Investigative Service also seized 17 web domains used in furtherance of the charged scheme and further seized 29 financial accounts, holding tens of thousands of dollars in funds, used to launder revenue for the North Korean regime through the remote IT work scheme.
In Oct 2024, as part of this investigation, federal law enforcement executed searches at 8 locations across 3 states that resulted in the recovery of more than 70 laptops and remote access devices such as KVMs. The FBI seized 4 web domains associated with Kejia Wang’s and Zhenxing Wang’s shell companies.
Between June 10 and June 17, 2025, the FBI executed searches of 21 premises across 14 states hosting known and suspected laptop farms. In total, the FBI seized 137 laptops.
justice.gov/opa/pr/justice
justice.gov/usao-ma/pr/nin
nationals and 2 nationals, in connection with a scheme to generate revenue for North Korea’s weapons of mass destruction programs. The scheme involved the dispatchment of skilled IT workers who, using stolen identities of US persons, posed as domestic workers to obtain remote IT jobs with US companies, including several Fortune 500 companies and a defense contractor.
The following defendants have been indicted for their roles in the scheme, which generated at least $5M in revenue for North Korea:
national Zhenxing “Danny” Wang
nationals Jing Bin Huang (黄靖斌), Baoyu Zhou (周宝玉), Tong Yuze (佟雨泽), Yongzhe Xu (徐勇哲 andيونجزهي أكسو) currently residing in the UAE, Ziyou Yuan (زيو) currently residing in the UAE and Zhenbang Zhou (周震邦)
nationals Mengting Liu (劉孟婷) and Enchia Liu (刘恩嘉)
Zhenxing Wang was arrested in New Jersey earlier today. An accomplice Kejia “Tony” Wang remains at large.
From ~2021 to Oct 2024, the defendants and other co-conspirators compromised the identities of more than 80 US persons to obtain remote jobs at more than 100 US companies, and caused US victim companies to incur legal fees, computer network remediation costs, and other damages and losses of at least $3M. Overseas IT workers were assisted by Kejia Wang, Zhenxing Wang and at least 4 other identified US facilitators. Kejia Wang, for example, communicated with overseas co-conspirators and IT workers, and traveled to Shenyang and Dandong, China, including in 2023, to meet with them about the scheme. To deceive US companies into believing the IT workers were located in the US, Kejia Wang, Zhenxing Wang and the other US facilitators received and/or hosted laptops belonging to US companies at their residences, and enabled overseas IT workers to access the laptops remotely by, among other things, connecting the laptops to hardware devices designed to allow for remote access (KVM switches).
Kejia Wang and Zhenxing Wang also created shell companies with corresponding websites and financial accounts, including Hopana Tech LLC, Tony WKJ LLC, and Independent Lab LLC, to make it appear as though the overseas IT workers were affiliated with legit US businesses. They established these and other financial accounts to receive money from victimized US companies, much of which was subsequently transferred to overseas co‑conspirators. In exchange for their services, Kejia Wang, Zhenxing Wang, and the four other US facilitators received a total of at least $696K from the IT workers.
IT workers employed under this scheme also gained access to sensitive employer data and source code, including International Traffic in Arms Regulations (ITAR) data from a California-based defense contractor that develops AI-powered equipment and technologies. Specifically, between ~Jan 19, 2024 and ~Apr 2, 2024, an overseas co-conspirator remotely accessed without authorization the company’s laptop and computer files containing technical data and other information. The stolen data included information marked as being controlled under the ITAR.
The FBI and Defense Criminal Investigative Service also seized 17 web domains used in furtherance of the charged scheme and further seized 29 financial accounts, holding tens of thousands of dollars in funds, used to launder revenue for the North Korean regime through the remote IT work scheme.
In Oct 2024, as part of this investigation, federal law enforcement executed searches at 8 locations across 3 states that resulted in the recovery of more than 70 laptops and remote access devices such as KVMs. The FBI seized 4 web domains associated with Kejia Wang’s and Zhenxing Wang’s shell companies.
Between June 10 and June 17, 2025, the FBI executed searches of 21 premises across 14 states hosting known and suspected laptop farms. In total, the FBI seized 137 laptops.
justice.gov/opa/pr/justice
justice.gov/usao-ma/pr/nin