North Korean Laptop Farm Schemes Expose Growing Identity Fraud Threat In Remote Hiring

On April 15, the U.S. Department of Justice announced the sentencing of two U.S. nationals in U.S. v. Wang in the District of Massachusetts for operating laptop farms that enabled North Korean operatives to fraudulently obtain remote IT jobs.

The scheme used at least 80 stolen American identities to secure fraudulent employment at more than 100 U.S. companies over several years, generating over $5 million in illicit revenue.

Victim employers were also exposed to cybersecurity breaches, export control violations and significant reputational harm as a direct result of the infiltration.

The case is not an isolated incident but reflects a broader and accelerating threat that U.S. employers with remote or hybrid workforces now face during the hiring process.

In a separate case, an Arizona woman was sentenced in July 2025 in the U.S. District Court for the District of Columbia for operating a laptop farm from her home that helped North Korean workers obtain jobs at over 300 U.S. companies.

That scheme, U.S. v. Chapman, generated more than $17 million in illicit revenue and also involved falsely reporting millions in income under stolen identities to the IRS and the Social Security Administration.

Writing for Foley and Lardner LLP, attorneys Patrick J. McMahon and Mark J. Neuberger warn that identity fraud in remote hiring is no longer hypothetical but an active and evolving threat to U.S. employers.

Remote hiring removes in-person touchpoints that historically served as informal verification mechanisms, such as physical presence and in-office onboarding, leaving digital processes exposed to exploitation.

In the DOJ’s Wang case, victim employers shipped corporate laptops to U.S.-based addresses controlled by fraud facilitators, who then provided remote access to overseas operatives, creating the illusion of legitimate domestic employment.

Emerging technologies including AI-generated identities, deepfake video interviews and synthetic credentials are lowering the cost of entry while increasing the sophistication of fraudulent applications, according to the authors.

These schemes carry risks well beyond payroll loss, implicating international trade sanctions evasion, data exfiltration, theft of intellectual property and network compromise that extends into national security and enterprise risk domains.

Employers are urged to require multifactor identity verification during hiring and onboarding, and to use live video verification with real-time ID validation to confirm candidates’ identities at the point of recruitment.

Free federal tools such as E-Verify and the Social Security Administration’s number verification service can further validate employment eligibility and reduce fraud risk without additional cost to employers.

Equipment controls are equally critical, with employers advised to only ship devices to verified physical addresses, implement zero-trust architecture, restrict remote access software installation and monitor IP addresses for anomalies.

Human resources teams serve as the first line of defence and should be trained to recognise fraud indicators, conduct enhanced background checks for sensitive roles and carefully scrutinise third-party staffing vendors and contract arrangements.

Behavioural analytics, periodic audits of access to sensitive systems and clear escalation protocols are all recommended to ensure that potential security concerns are promptly reviewed and addressed across distributed workforces.

Employers should also evaluate obligations under export control laws such as the International Traffic in Arms Regulations, particularly where sensitive data may be accessed remotely by individuals whose true identities and locations are unverified.

McMahon and Neuberger conclude that organisations failing to adapt may find themselves not just victims of fraud but unwitting participants in schemes that expose them to significant legal, financial and reputational consequences.