5 plead guilty to laptop farm and ID theft scheme to land North Koreans US IT jobs

In a significant development, five individuals have confessed to their roles in an elaborate scheme that involved operating laptop farms to assist North Korean nationals in landing remote IT positions with US companies, a violation of federal law, according to prosecutors. This revelation comes in the wake of increasingly common fraudulent schemes linked to hacking groups believed to be supported by the North Korean government. For nearly five years, these campaigns have been intensifying, primarily aimed at siphoning millions of dollars in both job revenue and cryptocurrencies to finance North Korea's weapons initiatives. Additionally, these activities appear to facilitate cyber espionage efforts. A notable case involved a North Korean individual who, after gaining employment at the US security firm KnowBe4, immediately deployed malware as soon as he commenced his job. On Friday, the US Department of Justice announced the guilty pleas of five men linked to aiding North Koreans in securing these positions through a scheme associated with the hacking group APT38, also known as Lazarus. This group has been responsible for targeting the US and various countries for over a decade, executing increasingly sophisticated attacks. All five defendants were charged with wire fraud, while one faced additional charges for aggravated identity theft due to their extensive actions. Prosecutors revealed that these facilitators provided false or stolen identities and hosted laptops from victim companies at various US residences, creating the illusion that the North Korean IT workers were operating domestically. The fraudulent activities of these defendants affected over 136 US companies, yielding more than $2.2 million in revenue for the North Korean regime and compromising the identities of more than 18 individuals in the United States. Among the defendants, Audricus Phagnasay, 24; Jason Salazar, 30; Alexander Paul Travis, 34; and Erick Ntekereze Prince, 30, each pleaded guilty to one count of wire fraud. Phagnasay, Salazar, and Travis admitted to supplying their US identities to applicants for IT jobs they knew were situated outside the country. These workers utilized the fraudulent identities to bypass employment restrictions. Additionally, all four men installed remote access software on laptops they operated, further perpetuating the facade that North Korean IT workers were functioning from within the US instead of abroad.