Trio sentenced for facilitating North Korean IT worker scheme from their homes
Summary
Three American men were sentenced for facilitating North Korea's remote IT worker scheme, which generated $1.28 million in fraudulent salaries from U.S. companies between 2019 and 2022. The defendants hosted laptop farms, provided fake identities, and helped North Korean operatives bypass employer vetting to appear as legitimate remote workers. Law enforcement continues to target U.S.-based facilitators as North Korea scales the operation using AI tools to automate attack workflows.
Full text
Three American men were sentenced Friday for crimes they committed in furtherance of North Korea’s vast scheme to get operatives hired at U.S. companies, the Justice Department said.
The trio — Audricus Phagnasay, 25, Jason Salazar, 30, and Alexander Paul Travis, 35 — pleaded guilty in November to wire fraud conspiracy for providing U.S. identities to remote North Korean IT workers. They hosted U.S. company-provided laptops at their homes and installed remote-access software so North Korean operatives could appear to be working in the country. The group also helped remote IT workers pass employer vetting and, in the case of Travis and Salazar, took drug tests on behalf of the North Koreans, prosecutors said.
Travis, an active-duty member of the U.S. Army at the time, received about $51,000 from the scheme. He was sentenced to one year in prison and ordered to forfeit about $193,000. Phagnasay and Salazar pocketed about $3,500 and $4,500, respectively, and were both sentenced to three years of probation and a $2,000 fine. A federal court ordered Salazar to forfeit about $410,000 and ordered Phagnasay to forfeit nearly $682,000.
“These men practically gave the keys to the online kingdom to likely North Korean overseas technology workers seeking to raise illicit revenue for the North Korean government — all in return for what to them seemed like easy money,” Margaret Heap, U.S. attorney for the Southern District of Georgia, said in a statement. “These schemes present a significant challenge to our national security, and we applaud our investigative partners working to secure our digital borders,” Heap added.
The trio facilitated about $1.28 million in salary from victim U.S. companies from September 2019 through November 2022. Yet the financial cuts for their assistance were relatively low.
Officials’ countermeasures to these schemes, which ultimately launder ill-gotten money to North Korea’s government, involve the targeting of U.S.-based facilitators who provide forged or stolen identities and laptop farms for North Korean operatives, and the seizure of cryptocurrency linked to theft. Law enforcement wins on both fronts are stacking up, but researchers warn that North Korea’s operation is massive in scale and consistently evolving. Microsoft Threat Intelligence earlier this month warned that North Korean threat groups are using artificial intelligence tools to accelerate and expand the country’s scheme – automating and improving efforts across the attack lifecycle.
Indicators of Compromise
- mitre_attack — T1078.001 - Valid Accounts: Default Accounts
- mitre_attack — T1021.004 - Remote Services: SSH/Telnet
- mitre_attack — T1583.001 - Acquire Infrastructure: Domains