π―Two guys in the US tricked companies into hiring North Korean workers by using stolen identities. They made a lot of money from this scam, but now they're going to prison for a long time. Companies need to be careful about who they hire to avoid getting scammed.
What Happened
Two US nationals, Kejia "Tony" Wang, 42, and Zhenxing "Danny" Wang, 39, have been sentenced to a combined total of 200 months in prison for their involvement in a fraudulent scheme that enabled North Korean workers to secure remote IT jobs at more than 100 US companies, including several Fortune 500 firms and at least one US defense contractor. The scheme, which ran from 2021 to 2024, generated over $5 million in illicit revenue for the North Korean government, while also leading to significant financial and data losses for the victim companies.
Who's Affected
The fraudulent activities impacted over 100 organizations, including major Fortune 500 companies and a California-based defense contractor that developed artificial intelligence-powered technologies. The contractor discovered that a North Korean worker had accessed sensitive data, including employer data and source code, potentially violating International Traffic in Arms Regulations (ITAR).
What Data Was Exposed
The stolen identities of at least 80 American citizens were used to facilitate the hiring of North Korean workers, who were able to pass employment background checks. This led to the unauthorized access of sensitive information, including proprietary source code and confidential employer data. The total financial losses incurred by victim companies are estimated at around $3 million, covering legal fees, network remediation costs, and other damages.
What You Should Do
Organizations should remain vigilant against potential scams that involve remote workers, particularly those that may involve identity theft. Implementing strict hiring protocols and conducting thorough background checks can help mitigate the risk of falling victim to similar schemes. Additionally, companies should ensure robust cybersecurity measures are in place to protect sensitive data from unauthorized access.
Additional Context
Kejia Wang acted as the manager of the operation, overseeing at least five facilitators who helped North Koreans fraudulently secure jobs. Both he and Zhenxing Wang established shell companies that purported to offer legitimate software development services, but were instead used to funnel payments to the overseas workers. The Justice Department has mandated that the Wangs forfeit $600,000 of their earnings, of which $400,000 has been recovered so far. The FBI continues to seek eight additional individuals linked to this scheme, emphasizing the ongoing threat posed by such fraudulent activities.
This case highlights the growing threat of identity theft and fraudulent employment schemes that exploit remote work opportunities, particularly in the tech sector. Organizations must enhance their vetting processes to protect against similar scams.
