US: Five Plead Guilty in North Korean IT Worker Fraud Scheme
Summary:
The US Department of Justice (DoJ) announced that five individuals have pleaded guilty to helping North Korean hackers gain remote IT work in the US. The conspirators provided personal, false or stolen identities and hosted laptops issued by the victim organizations to make it appear as if the North Koreans were employed domestically.
In total, the DoJ assessed that the defendants’ actions impacted more than 136 US organizations, generated over $2.2m in revenue for the North Korean regime and compromised the identities of more than 18 US residents. The defendants included four US nationals, Audricus Phagnasay, 24, Jason Salazar, 30, Alexander Paul Travis, 34, and Erick Ntekereze Prince, 30.
All pleaded guilty to one count of wire fraud conspiracy, the first three in the Southern District of Georgia and Travis in the Southern District of Florida.
The fifth individual, Ukrainian national Oleksandr Didenko, pleaded guilty to one count of wire fraud conspiracy and one count of aggravated identity theft in the District of Columbia.
Security Officer Comments:
In its disclosure, the DoJ attributed the activities to the North Korean hacking collective APT38, which it says supported the five defendants in their illicit activities. APT38 has been active since at least 2014 and is connected to Pyongyang’s Reconnaissance General Bureau. The group is also commonly known as the Lazarus Group.
In addition to the guilty pleas, the DoJ announced two civil forfeiture complaints describing multimillion-dollar virtual currency heists conducted by APT38 at four overseas virtual currency platforms in 2023. “The Democratic People’s Republic of Korea (DPRK) government uses both types of schemes [remote IT worker infiltration and cryptocurrency heists] to fund its weapons and other priorities in violation of sanctions,” said the DoJ.
The US government managed to seize $15m worth of gains in Tether (USDT), a stablecoin, that is, a cryptocurrency pegged to the US dollar and backed by cash and cash-equivalent reserves held by Tether Limited. The government now seeks to return this $15m to the rightful owners.
Suggested Corrections:
These actions are the latest in a series of law enforcement actions under the DPRK RevGen: Domestic Enabler Initiative, a joint US National Security Division (NSD) and FBI Cyber and Counterintelligence Divisions effort.
Roman Rozhavsky, assistant director of the FBI’s Counterintelligence Division, said these guilty pleas send a clear message: “No matter who or where you are, if you support North Korea's efforts to victimize US businesses and citizens, the FBI will find you and bring you to justice. We ask all our private sector partners to improve their security process for vetting remote workers and to remain vigilant regarding this emerging threat.”
Link(s):
https://www.infosecurity-magazine.com/news/us-five-plead-guilty-dprk-it/