
5 Plead Guilty in North Korean IT Job Fraud and ID Theft Scheme

Summary

– Five men pleaded guilty to assisting North Koreans in obtaining remote IT work at US companies, violating US law through wire fraud and identity theft.
– The scheme was orchestrated by the North Korean hacking group APT38/Lazarus to generate revenue and fund weapons programs, impacting over 136 US companies.
– Facilitators used false or stolen identities and hosted US company laptops at their residences to create the illusion that workers were based domestically.
– The fraudulent employment generated over $2.2 million for the North Korean regime and compromised the identities of more than 18 US persons.
– Four of the men admitted to providing their US identities and installing remote access software to enable North Korean workers to bypass employment restrictions.

Federal prosecutors have secured guilty pleas from five individuals involved in a sophisticated scheme that enabled North Korean nationals to illegally secure remote IT positions with American companies. This case highlights a broader pattern of state-sponsored efforts to generate illicit revenue and gather intelligence through fraudulent employment practices.

The guilty pleas are connected to a series of operations linked to hacking groups supported by the North Korean government. These campaigns, which intensified around five years ago, are designed to funnel millions of dollars in salaries and cryptocurrency to bankroll the nation’s weapons development. An additional objective involves planting malware to conduct espionage. In one notable instance, a North Korean operative who deceitfully obtained a role at the U.S. cybersecurity firm KnowBe4 proceeded to install malicious software on his very first day of work.

According to the U.S. Justice Department, the five men admitted to assisting North Koreans in gaining employment as part of a plot organized by APT38, a threat actor also known as Lazarus. This group has executed increasingly audacious and sophisticated cyber attacks against the United States and other nations for more than ten years. Each of the five defendants pleaded guilty to wire fraud charges, with one also admitting to a count of aggravated identity theft for his specific actions.

Prosecutors detailed that the facilitators supplied false or stolen identities and set up U.S. company-issued laptops in American homes. This created the illusion that the IT staff were working from within the country. In total, these defendants’ fraudulent employment schemes impacted more than 136 U.S. victim companies, generated more than $2.2 million in revenue for the DPRK regime, and compromised the identities of more than 18 U.S. persons. Comparable fraudulent operations have been documented in several other cases.

Four of the men, Audricus Phagnasay, 24; Jason Salazar, 30; Alexander Paul Travis, 34; and Erick Ntekereze Prince, 30, each pleaded guilty to a single count of wire fraud. Phagnasay, Salazar, and Travis acknowledged providing their own U.S. identities to job applicants they knew were based outside the United States. The foreign workers used these identities to circumvent legal restrictions on their employment. All four also installed remote access software on laptops located at their residences, creating a deceptive appearance that the North Korean IT personnel were working remotely from within the U.S. rather than from overseas.

(Source: Ars Technica)
