A Maryland man has been sentenced to 15 months in prison for his involvement in a wire fraud conspiracy that enabled foreign IT workers, including individuals believed to be North Korean nationals, to obtain remote jobs with U.S. companies under false pretenses.
Minh Phuong Ngoc Vong, 41, of Bowie, Maryland, received the sentence from U.S. District Judge Deborah L. Boardman. After serving his prison term, Vong will also undergo three years of supervised release, including six months of home confinement.
According to federal prosecutors and court documents, Vong conspired with others—including a foreign national living in Shenyang, China known as John Doe or William James—to secure employment at more than a dozen U.S. companies by misrepresenting his qualifications and citizenship status. Once hired as a remote software developer using these false credentials, Vong provided access credentials to Doe and other overseas conspirators so they could perform the work and receive payment.
Prosecutors stated that Doe was likely a North Korean national working to generate revenue for the North Korean government by infiltrating American businesses through fraudulent means.
“This prosecution shows that we, along with our law-enforcement partners, are serious about holding accountable individuals who endanger our nation,” said Kelly O. Hayes, U.S. Attorney for the District of Maryland. “By conspiring with a foreign national to infiltrate U.S. companies, Mr. Vong put American businesses, their employees, and our broader economic and national security at risk. Our office will zealously pursue anyone who undermines the integrity of U.S. systems for personal gain.”
“Vong is yet another subject being held accountable for using false identities on behalf of North Korea to infiltrate American companies,” said Jimmy Paul, Special Agent in Charge at the FBI’s Baltimore Field Office. “His crimes threaten our economic and national security. I’m proud of the work FBI Baltimore has done to ensure that anyone who seeks to steal from or endanger the United States is brought to justice.”
The investigation revealed that in January 2023 Doe submitted a resume under Vong’s name for a web application developer position at a Virginia-based technology company requiring U.S. citizenship; this resume falsely claimed extensive education and experience which Vong did not possess.
In March 2023 Vong participated in an online interview with this company’s CEO and verified his identity using official documents before being hired onto a contract involving sensitive Federal Aviation Administration (FAA) software used by various government agencies handling defense information. The company provided him with equipment authorized for access to government facilities and systems; however, he installed remote access software allowing Doe—operating from China—to use it covertly.
Between March and July 2023 Doe performed development work remotely while posing as Vong; wages exceeding $28,000 were paid out by the employer during this period—funds which were partially transferred overseas by Vong.
Court records indicate this scheme extended beyond one employer: between 2021 and 2024 at least thirteen different companies paid over $970,000 collectively for services performed not by Vong but by overseas associates like Doe without their knowledge or consent. Some defrauded firms subcontracted work on behalf of additional federal agencies besides FAA—unwittingly granting unauthorized access into sensitive government systems from abroad.
The case was prosecuted by Assistant U.S. Attorney Christina A. Hoffman with support from the National Security Division’s National Security Cyber Section; multiple federal and local law enforcement partners assisted in the investigation.
Federal authorities highlighted ongoing efforts under an initiative launched in March 2024 targeting so-called “laptop farms”—operations where laptops issued by victimized employers are accessed remotely by unauthorized users outside the United States—as part of broader actions against domestic enablers supporting DPRK-linked cyber operations.
