美国司法部周三表示,两名新泽西州男子因协助朝鲜长期实施的“潜伏雇员”计划而被判刑。该计划旨在将朝鲜特工植入美国企业担任员工,为朝鲜政权赚取了超过500万美元的非法收入。
这两名美国公民分别是42岁的王克佳(音译)和39岁的王振兴(音译)。他们参与了一场持续多年的共谋,通过100多家分布在美国27个州和哥伦比亚特区的美国公司(其中包括多家财富500强企业)为朝鲜技术人员安排工作。这项复杂的计划涉及冒充软件开发公司的壳公司、洗钱活动以及具有国家安全影响的间谍活动。官员称,参与共谋的特工从一家总部位于加利福尼亚州的国防承包商处窃取了与美国军事技术相关的敏感文件,这些技术受美国《国际武器贸易条例》(ITAR)监管。
网络安全公司DTEX的国家级调查员迈克尔·巴恩哈特表示:“朝鲜的IT工作者不仅限于创收。当接到任务时,他们可以利用其职位和访问权限来支持战略情报需求,包括知识产权窃取、网络中断或勒索。”他补充称,虽然该计划的大部分重点是赚取外汇,但有时也会采用“双重用途”方法,任务化某些具有特权的IT员工协助其他国家支持的黑客组织。
调查显示,涉案人员窃取了至少80名美国居民的身份,以促成朝鲜特工的雇佣,并总计收取了至少69.6万美元的中间费用。官方强调,这与普通因个人经济利益驱动的欺诈性招聘不同,受国家支持的IT工作者可能造成国家安全级别的破坏。
Two New Jersey men were sentenced Wednesday for facilitating North Korea’s long-running scheme to plant operatives inside U.S. businesses as employees, generating more than $5 million in illicit revenue for the regime, the Justice Department said.
The U.S. nationals — Kejia Wang, also known as Tony Wang, and Zhenxing Wang, also known as Danny Wang — were part of a years-long conspiracy that placed operatives in jobs at more than 100 U.S. companies, including many Fortune 500 companies, based in 27 states and the District of Columbia.
The elaborate scheme involved shell companies posing as software development firms, money laundering, and espionage with national security implications. Operatives involved in the conspiracy stole sensitive files from a California-based defense contractor related to U.S. military technology controlled under International Traffic in Arms Regulations (ITAR), officials said.
“Democratic People’s Republic of Korea (DPRK) IT workers are not limited to revenue generation. When tasked, they can operationalize their placement and access to support strategic intelligence requirements, including intellectual property theft, network disruption or extortion,” Michael Barnhart, nation state investigator at DTEX, told CyberScoop.
While most of North Korea’s scheme is focused on revenue, it sometimes applies a dual-use approach, tasking certain privileged IT workers with malicious activity aiding other state-backed hacking groups, Barnhart added.
“Not all IT workers can be hackers but every North Korean hacker can or has been an IT worker,” he said. “This distinction matters for insider‑threat analysis because unlike typical fraudulent hires motivated by personal financial gain, IT workers can inflict national‑security‑level damage.”
Kejia Wang, 42, Zhenzing Wang, 39, and their co-conspirators stole the identities of at least 80 U.S. residents to facilitate the hiring of North Korean operatives and collected at least $696,000 in fees combined, officials said. U.S. victim companies also incurred legal fees, remediation costs and other damages and losses exceeding $3 million.
Both men previously pleaded guilty to an assortment of crimes. Kejia Wang was sentenced to nine years in prison for conspiracy to commit wire and mail fraud, money laundering and identity theft. Zhenxing Wang was sentenced to 92 months in prison for conspiracy to commit wire and mail fraud and money laundering.
The pair were also ordered to forfeit a combined $600,000, of which two-thirds has already been paid, officials said.
The conspiracy, which ran from at least 2021 through October 2024, relied in part on shell companies — Hopana Tech, Tony WKJ and Independent Lab — the men set up to create the appearance of legitimate businesses.
“Pairing a U.S. person, a U.S. address, and a front company such as Independent Lab, the facilitators created the illusion of a legitimate domestic effort allowing the IT workers to present themselves as U.S.-based without trigger
