Two Americans have been jailed for a combined 200 months for helping North Korea generate $5 million through fraudulent IT worker schemes.
Kejia “Tony” Wang, 42, and Zhenxing “Danny” Wang, 39, helped North Koreans defy international sanctions and secure tech jobs at more than 100 US companies between 2021 and 2024.
Many of these companies were in the Fortune 500, officials said on Wednesday, and at least one was a US defense contractor.
Keija Wang assumed a managerial role in the wider organization, supervising at least five facilitators who helped North Koreans fraudulently secure US tech jobs.
Zhenxing Wang was one of the so-called facilitators, per his indictment [PDF], tasked with operating laptop farms to which North Koreans would remotely connect and carry out their duties for US employers, all seemingly from a genuine US IP address.
Although Keija Wang was the scheme’s supervisor, both he and Zhenxing Wang assumed administrative responsibilities. They both established companies in the US, purportedly offering software development services but instead served as shell companies through which the illegal overseas workers were paid.
Keija Wang oversaw the operation, which involved stealing the identities of at least 80 US citizens and using them so that North Koreans could pass employment background checks at the companies duped into hiring them.
Those companies would agree to the new hires working remotely and send them company-owned and managed equipment, such as laptops, from which to work.
The scheme’s facilitators, such as Zhenxing Wang, would take receipt of this equipment, operate numerous devices simultaneously, allowing the North Korea-based techies to work using these devices remotely.
Court documents state that these facilitators, of which there were at least five in this scheme alone, collectively operated hundreds of laptops for illegal overseas workers.
Keija Wang also helped set up and manage the financial accounts into which the victim US companies would deposit the monthly salaries earned by the North Korean tech workers.
US officials routinely state that these schemes help to enrich the North Korean regime, and this one is described similarly. Much of the proceeds generated by the illegal employment were funneled back to Keija Wang’s overseas “co-conspirators,” court documents [PDF] stated.
However, Keija Wang and the five facilitators (cool band name btw) collectively earned close to $700,000 for their efforts across the multi-year scheme.
The Justice Department (DoJ) ordered Keija Wang and Zhenxing Wang to forfeit $600,000 of this sum, $400,000 of which has been recovered so far.
Beyond the $5 million generated for North Korea, officials concluded that the victim US companies incurred a collective $3 million in losses, owing to legal fees, computer network remediation costs, and other damages.
The impact for some of the victims was more than financial. One unidentified defense contractor, which employed a North Korean worker between January 19, 2024, and April 2, 2024, and possibly longer, discovered that the individual accessed highly sensitive data.
This included employer data and source code, as well as data controlled under the International Traffic in Arms Regulations (ITAR).
The company in question was not identified, but was described as California-based and one that “develops artificial intelligence-powered equipment and technologies.”
Keija Wang, of Edison, New Jersey, was sentenced to 108 months (nine years) in prison and additionally ordered to pay a judgment of $29,236.03 in restitution, while Zhenxing Wang, of New Brunswick, New Jersey, was sentenced to 92 months (more than seven years). Both will serve three years of supervised release.
US authorities are still on the hunt for a further eight individuals alleged to have participated in the scheme and one North Korean IT worker, all of whom remain at large.
“Today’s announcement sends a clear message: US nationals who facilitate DPRK IT worker schemes and funnel revenue to North Korea will face FBI investigation and potential prison time,” wrote Brett Leatherman, assistant director, at the FBI’s Cyber Division.
“Working closely with our partners, the FBI will pursue their co-conspirators and hold accountable those who seek to empower the DPRK by defrauding American companies and stealing the identities of private citizens.” ®