Uncovering a Sophisticated Scheme: North Korean IT Workers Infiltrate US Companies
A recent investigation has shed light on a complex scheme involving the infiltration of US companies by North Korean IT workers. The plot, which involved identity theft and the creation of “laptop farms,” has resulted in the guilty pleas of five individuals, including an active-duty US Army member. The scheme allowed North Korean IT workers to gain employment at over 40 US companies, earning roughly $1.28 million in salary payments, with the majority of the funds being sent overseas.
Each defendant played a crucial role in the scheme, with some helping the IT workers pass employer vetting procedures. For instance, Travis and Salazar appeared for drug testing on behalf of the workers. The defendants received significant payments for their participation, with Travis earning at least $51,397, Phagnasay earning at least $3,450, and Salazar earning at least $4,500.
Aggravated Identity Theft and Wire Fraud
Oleksandr Didenko, a Ukrainian national, pleaded guilty to one count of aggravated identity theft and wire fraud. He admitted to participating in a years-long scheme that stole the identities of US citizens and sold them to overseas IT workers, including North Koreans, to gain employment at US companies. Didenko received hundreds of thousands of dollars from victim companies and is forfeiting over $1.4 million, including $570,000 in fiat and virtual currency seized from him and his co-conspirators.
The US Treasury Department has previously warned that the Democratic People’s Republic of Korea employs thousands of skilled IT workers worldwide to generate revenue for the country’s weapons of mass destruction and ballistic missile programs. These workers often represent themselves as US-based or non-North Korean teleworkers, and may subcontract work to non-North Koreans to further obfuscate their identities and locations.
Forfeiture and Seizure of Assets
The Justice Department is seeking the forfeiture of over $15 million worth of USDT, a cryptocurrency stablecoin pegged to the US dollar, seized from North Korean APT38 actors in March. The seized funds were derived from four heists carried out by APT38 in July and November 2023. The Justice Department's efforts to locate, seize, and forfeit all stolen assets are ongoing, as APT38 has laundered the funds through virtual currency bridges, mixers, exchanges, and over-the-counter traders.