Five individuals have pleaded guilty to helping North Korean hackers in remote IT work and virtual currency heist schemes.
The US Department of Justice (DoJ) described the five individuals as “facilitators” who assisted North Korean hackers with obtaining remote IT employment with US companies.
They allegedly provided personal, false or stolen identities and hosted laptops issued by the victim companies at residences across the US to create the false appearance that the IT workers were employed domestically.
In total, the DoJ assessed that the defendants’ actions impacted more than 136 US organizations, generated over $2.2m in revenue for the North Korean regime and compromised the identities of more than 18 US residents.
The defendants included four US nationals, Audricus Phagnasay, 24, Jason Salazar, 30, Alexander Paul Travis, 34, and Erick Ntekereze Prince, 30.
All pleaded guilty to one count of wire fraud conspiracy, the first three in the Southern District of Georgia and Travis in the Southern District of Florida.
The fifth individual, Ukrainian national Oleksandr Didenko, pleaded guilty to one count of wire fraud conspiracy and one count of aggravated identity theft in the District of Columbia.
US Seeks Forfeiture of Over $15m in Stolen Cryptocurrency
The DoJ identified the North Korean hacking collective that received support from the five defendants as APT38, a nation-state group active since at least 2014 and attributed to Pyongyang’s Reconnaissance General Bureau. The group is also commonly known as the Lazarus Group.
In addition to the guilty pleas, the DoJ announced two civil forfeiture complaints describing multimillion-dollar virtual currency heists conducted by APT38 at four overseas virtual currency platforms in 2023.
“The Democratic People’s Republic of Korea (DPRK) government uses both types of schemes [remote IT worker infiltration and cryptocurrency heists] to fund its weapons and other priorities in violation of sanctions,” said the DoJ.
The US government managed to seize $15m worth of gains in Tether (USDT), a stablecoin pegged to the US dollar and backed by cash and cash-equivalent reserves held by Tether Limited.
The government now seeks to return this $15m to the rightful owners.
These actions are the latest in a series of law enforcement actions under the DPRK RevGen: Domestic Enabler Initiative, a joint US National Security Division (NSD) and FBI Cyber and Counterintelligence Divisions effort.
Roman Rozhavsky, assistant director of the FBI’s Counterintelligence Division, said these guilty pleas send a clear message: “No matter who or where you are, if you support North Korea's efforts to victimize US businesses and citizens, the FBI will find you and bring you to justice. We ask all our private sector partners to improve their security process for vetting remote workers and to remain vigilant regarding this emerging threat.”
