Two US Nationals Sentenced for North Korea's Tech Worker Espionage Scheme Worth $5M

Two New Jersey men were sentenced on Wednesday for facilitating a long-running North Korean scheme to infiltrate U.S. businesses as employees, generating more than $5 million in illicit revenue for the regime, the U.S. Department of Justice announced.

The U.S. nationals—Kejia Wang, also known as Tony Wang, and Zhenxing Wang, also known as Danny Wang—were part of a years-long conspiracy that placed operatives in jobs at more than 100 U.S. companies, including numerous Fortune 500 firms, across 27 states and the District of Columbia.

The elaborate scheme involved shell companies posing as software development firms, money laundering, and espionage with significant national security implications. Operatives involved in the conspiracy stole sensitive files from a California-based defense contractor related to U.S. military technology controlled under the International Traffic in Arms Regulations (ITAR).

Espionage and Dual-Use Tactics

According to Michael Barnhart, a nation-state investigator at DTEX, North Korean IT workers are not solely focused on revenue generation. He told CyberScoop:

“Democratic People’s Republic of Korea (DPRK) IT workers are not limited to revenue generation. When tasked, they can operationalize their placement and access to support strategic intelligence requirements, including intellectual property theft, network disruption or extortion.”

Barnhart added that while most of North Korea’s scheme prioritizes financial gain, it sometimes employs a dual-use approach, assigning certain privileged IT workers to engage in malicious activities that support other state-backed hacking groups.

“Not all IT workers can be hackers but every North Korean hacker can or has been an IT worker. This distinction matters for insider-threat analysis because unlike typical fraudulent hires motivated by personal financial gain, IT workers can inflict national-security-level damage.”

Financial and Operational Impact

Kejia Wang, 42, and Zhenxing Wang, 39, along with their co-conspirators, stole the identities of at least 80 U.S. residents to facilitate the hiring of North Korean operatives. They collected at least $696,000 in fees combined. U.S. victim companies also incurred legal fees, remediation costs, and other damages exceeding $3 million.

Both men previously pleaded guilty to multiple charges. Kejia Wang was sentenced to nine years in prison for conspiracy to commit wire fraud, mail fraud, money laundering, and identity theft. Zhenxing Wang received a sentence of 92 months in prison for conspiracy to commit wire fraud and mail fraud, as well as money laundering. The pair were also ordered to forfeit a combined $600,000, of which two-thirds has already been paid.

How the Scheme Operated

The conspiracy, which ran from at least 2021 through October 2024, relied on shell companies—Hopana Tech, Tony WKJ, and Independent Lab—to create the illusion of legitimate businesses. These front companies enabled North Korean operatives to pose as U.S.-based employees without raising suspicion during hiring or daily operations.

“Pairing a U.S. person, a U.S. address, and a front company such as Independent Lab, the facilitators created the illusion of a legitimate domestic effort allowing the IT workers to present themselves as U.S.-based without triggering suspicion during onboarding or daily workflows,” Barnhart explained.

Barnhart further noted that these front companies served as financial intermediaries, channeling funds from victim companies back to North Korean units. These funds were then funneled upward through the Workers’ Party of Korea to support various programs, including weapons development or domestic priorities.