Minh Phuong Ngoc Vong, a 40-year-old resident of Bowie, Maryland, has been sentenced to 15 months in prison and three years of supervised release for his involvement in a wire fraud conspiracy. The scheme enabled foreign IT workers, posing as U.S. citizens, to secure remote positions at more than a dozen American companies.
Court documents reveal that Vong worked with others, including an individual known as John Doe or William James, a foreign national based in Shenyang, China. Together, they deceived U.S. companies into hiring Vong as a remote software developer by providing false information about his education and work experience. After obtaining these jobs, Vong allowed Doe and other conspirators to use his access credentials to perform the actual software development work and receive payment.
Vong was aware that Doe was located near North Korea. Communications from Doe suggest he is likely a North Korean national working to generate revenue for the North Korean government.
According to the plea agreement, on January 30, 2023, Doe submitted a fraudulent resume under Vong’s name to a Virginia technology company for a web application developer role requiring U.S. citizenship. The resume falsely claimed that Vong held a Bachelor of Science degree and had 16 years of software development experience; in reality, he had neither.
On March 28, 2023, Vong participated in an online interview with the CEO of the Virginia-based company and verified his identity using official documents. He was hired and assigned to work on a contract for the Federal Aviation Administration (FAA), involving sensitive software used by various government agencies for national defense matters. The company provided him with a laptop and authorized him to receive credentials granting access to government facilities and systems. Vong installed remote access software on this laptop so Doe could use it from China without detection.
Between March and July 2023, Doe accessed the system using Vong’s credentials from China while the Virginia company paid over $28,000 in wages to Vong. Portions of these funds were sent overseas to Doe and other co-conspirators.
Vong admitted that this was not an isolated incident; between 2021 and 2024 he used similar fraudulent methods to obtain employment at at least 13 different U.S. companies. Collectively these firms paid him more than $970,000 for services actually performed by overseas individuals like Doe. Some of these companies subcontracted their services out to U.S. government agencies beyond the FAA, inadvertently granting unauthorized foreign access to sensitive government systems.
The FBI Baltimore Field Office led the investigation into this case.
Assistant U.S. Attorney Christina A. Hoffman prosecuted the case with support from the National Security Division’s National Security Cyber Section.
A Department-wide initiative called DPRK RevGen: Domestic Enabler Initiative was launched in March 2024 by the National Security Division along with FBI Cyber and Counterintelligence Divisions. This program focuses on identifying “laptop farms” — locations where laptops supplied by victim companies are used by individuals pretending to be legitimate freelance IT workers — as well as investigating those hosting such operations within the United States. Previous actions under this initiative were announced earlier in January and June 2025.
