Shadow Hires: How a U.S.-Based “Laptop Farm” Fueled North Korea’s Corporate Infiltration

It sounds like a plot ripped from a cyber-thriller: ordinary suburban homes filled with racks of laptops, all quietly serving as the digital front for North Korean operatives infiltrating American corporations. But this week, in a landmark case, the Department of Justice unmasked the reality behind the fiction, sentencing two New Jersey residents for running a clandestine “laptop farm” operation that enabled North Korea to siphon over $5 million - and sensitive corporate secrets - from inside the U.S.

Investigators say Kejia Wang and Zhenxing Wang weren’t just facilitating run-of-the-mill fraud. Instead, they built an elaborate infrastructure in their homes: clusters of corporate-issued laptops, each connected to devices called KVM switches. This setup allowed dozens of North Korean IT workers to remotely control these machines from overseas, all while appearing to be legitimate U.S.-based employees. The ruse was effective enough to dupe more than 100 American companies - including several Fortune 500 giants - into unwittingly hiring North Korean operatives.

To pass employment verification checks, the conspirators stole the identities of at least 80 American citizens, allowing the DPRK operatives to blend in seamlessly. The subterfuge didn’t end with fake resumes and interviews. Through shell companies like Hopana Tech LLC and Independent Lab LLC, the Wangs laundered millions in wages and contract payments, funneling funds to North Korea while masking the operation as legitimate business.

But the damage ran deeper than lost money. Prosecutors revealed that North Korean IT workers, once inside these networks, stole proprietary data and source code. In one high-profile breach, an AI-powered defense contractor in California was compromised, with sensitive technical data exfiltrated in violation of U.S. arms export regulations. The financial fallout from these intrusions - network repairs, legal costs, and lost intellectual property - tallied over $3 million.

The sentencing is a milestone for the Justice Department’s “DPRK RevGen: Domestic Enabler Initiative,” a program targeting North Korea’s global cyber-revenue pipelines. Authorities have already seized numerous domains and financial accounts, but eight suspects remain at large, with the State Department offering a $5 million reward for information leading to their capture.

Experts warn this case is a wake-up call: North Korea’s cyber tactics now exploit the rise of remote work, using trusted hiring channels as their latest infiltration route. Employers are urged to tighten remote-access monitoring, implement robust identity checks, and audit hardware for unauthorized devices - before the next “laptop farm” moves in next door.

As the world embraces remote work, this case exposes how easily trust - and technology - can be weaponized. The shadows may be digital, but the threat is all too real.

WIKICROOK

• KVM Switch: A KVM switch enables control of multiple computers with one keyboard, monitor, and mouse, improving security and efficiency in IT environments.
• Shell Company: A shell company is a business entity with no real operations or assets, often used to hide money flows or obscure the true owners of assets.
• Employment Verification: Employment verification checks a candidate’s identity and work history, ensuring only eligible and trustworthy individuals access sensitive systems and data.
• ITAR: ITAR is a set of U.S. regulations controlling the export and sharing of defense-related technology, including sensitive aviation and technical data.
• Remote Access: Remote access allows users to connect to a computer or network from a distance, enabling convenience but requiring strong security to prevent unauthorized entry.