Each defendant also helped the IT employees pass employer vetting procedures. Travis and Salazar, for instance, appeared for drug testing on behalf of the employees.
Travis, an active-duty member of the US Army on the time, received not less than $51,397 for his participation within the scheme. Phagnasay and Salazar earned not less than $3,450 and $4,500, respectively. In all, the fraudulent jobs earned roughly $1.28 million in salary payments from the defrauded US firms, the overwhelming majority of which were sent to the IT employees overseas.
The fifth defendant, Ukrainian national Oleksandr Didenko, pleaded guilty to 1 count of aggravated identity theft, along with wire fraud. He admitted to participating in a “years-long scheme that stole the identities of US residents and sold them to overseas IT employees, including North Korean IT employees, so that they could fraudulently gain employment at 40 US firms.” Didenko received lots of of 1000’s of dollars from victim firms who hired the fraudulent applicants. As a part of the plea agreement, Didenko is forfeiting greater than $1.4 million, including greater than $570,000 in fiat and virtual currency seized from him and his co-conspirators.
In 2022, the US Treasury Department said that the Democratic People’s Republic of Korea employs 1000’s of expert IT employees all over the world to generate revenue for the country’s weapons of mass destruction and ballistic missile programs.
“In lots of cases, DPRK IT employees represent themselves as US-based and/or non-North Korean teleworkers,” Treasury Department officials wrote. “The employees may further obfuscate their identities and/or location by sub-contracting work to non North Koreans. Although DPRK IT employees normally engage in IT work distinct from malicious cyber activity, they’ve used the privileged access gained as contractors to enable the DPRK’s malicious cyber intrusions. Moreover, there are likely instances where employees are subjected to forced labor.”
Other US government advisories posted in 2023 and 2024 concerning similar programs have been removed with no explanation.
In Friday’s release, the Justice Department also said it’s searching for the forfeiture of greater than $15 million value of USDT, a cryptocurrency stablecoin pegged to the US dollar, that the FBI seized in March from North APT38 actors. The seized funds were derived from 4 heists APT38 carried out, two in July 2023 against virtual currency payment processors in Estonia and Panama and two in November 2023 from exchanges in Panama and Seychelles.
Justice Department attempts to locate, seize, and forfeit all of the stolen assets remain ongoing because APT38 has laundered them through virtual currency bridges, mixers, exchanges, and over-the-counter traders, the Justice Department said.
