Two New Jersey men were sentenced Wednesday for facilitating North Korea’s long-running scheme to plant operatives inside U.S. businesses as employees, generating more than $5 million in illicit revenue for the regime, the Justice Department said.
The U.S. nationals — Kejia Wang, also known as Tony Wang, and Zhenxing Wang, also known as Danny Wang — were part of a years-long conspiracy that placed operatives in jobs at more than 100 U.S. companies, including many Fortune 500 companies, based in 27 states and the District of Columbia.
The elaborate scheme involved shell companies posing as software development firms, money laundering, and espionage with national security implications. Operatives involved in the conspiracy stole sensitive files from a California-based defense contractor related to U.S. military technology controlled under International Traffic in Arms Regulations (ITAR), officials said.
“Democratic People’s Republic of Korea (DPRK) IT workers are not limited to revenue generation. When tasked, they can operationalize their placement and access to support strategic intelligence requirements, including intellectual property theft, network disruption or extortion,” Michael Barnhart, nation state investigator at DTEX, told CyberScoop.
While most of North Korea’s scheme is focused on revenue, it sometimes applies a dual-use approach, tasking certain privileged IT workers with malicious activity aiding other state-backed hacking groups, Barnhart added.
“Not all IT workers can be hackers but every North Korean hacker can or has been an IT worker,” he said. “This distinction matters for insider‑threat analysis because unlike typical fraudulent hires motivated by personal financial gain, IT workers can inflict national‑security‑level damage.”
Kejia Wang, 42, Zhenzing Wang, 39, and their co-conspirators stole the identities of at least 80 U.S. residents to facilitate the hiring of North Korean operatives and collected at least $696,000 in fees combined, officials said. U.S. victim companies also incurred legal fees, remediation costs and other damages and losses exceeding $3 million.
Both men previously pleaded guilty to an assortment of crimes. Kejia Wang was sentenced to nine years in prison for conspiracy to commit wire and mail fraud, money laundering and identity theft. Zhenxing Wang was sentenced to 92 months in prison for conspiracy to commit wire and mail fraud and money laundering.
The pair were also ordered to forfeit a combined $600,000, of which two-thirds has already been paid, officials said.
The conspiracy, which ran from at least 2021 through October 2024, relied in part on shell companies — Hopana Tech, Tony WKJ and Independent Lab — the men set up to create the appearance of legitimate businesses.
“Pairing a U.S. person, a U.S. address, and a front company such as Independent Lab, the facilitators created the illusion of a legitimate domestic effort allowing the IT workers to present themselves as U.S.-based without triggering suspicion during onboarding or daily workflows,” Barnhart said.
“Front companies can act as that middle financial flow from victim companies back to DPRK units, which then pushes funds upward through the Workers’ Party of Korea to support whichever program the unit was aligned with, whether weapons development or domestic priorities,” he added.
These front companies reflect a higher level of tradecraft that exploits a weak spot in insider risk assessments because threats aren’t always a malicious person trying to break into a network, Barnhart said. “Sometimes it looks like an entire company appearing clean on paper.”
Authorities have responded to North Korea’s scheme by targeting U.S.-based facilitators who provide forged or stolen identities and laptop farms for North Korean operatives, and seizing cryptocurrency linked to theft.
Law enforcement wins are stacking up, but researchers warn that North Korea’s operation is massive and consistently evolving.
The sentencing of Kejia Wang and Zhenxing Wang comes less than a month after a trio of American men were sentenced for similar crimes, including the operation of laptop farms, wire fraud and identity theft.
The Justice and Treasury Departments have also issued indictments and sanctioned people and entities allegedly involved in North Korea’s effort to send thousands of specialized technical professionals outside of the country to secure jobs under false pretenses and funnel their wages back to Pyongyang.
You can read the full indictments against Kejia Wang and Zhenxing Wang below.
The post US nationals sentenced for aiding North Korea’s tech worker scheme appeared first on CyberScoop.
–
Read More – CyberScoop
