Five men have pleaded guilty to running laptop farms and providing other assistance to North Koreans to obtain remote IT work at US companies in violation of US law, federal prosecutors said.

The pleas come amid a rash of similar schemes orchestrated by hacking and threat groups backed by the North Korean government. The campaigns, which ramped up nearly five years ago, aim to steal millions of dollars in job revenue and cryptocurrencies to fund North Korean weapons programs. Another motive is to seed cyber attacks for espionage. In one such incident, a North Korean man who fraudulently obtained a job at US security company KnowBe4 installed malware immediately upon beginning his employment.

On Friday, the US Justice Department said that five men pleaded guilty to assisting North Koreans in obtaining jobs in a scheme orchestrated by APT38, also tracked under the name Lazarus. APT38 has targeted the US and other countries for more than a decade with a stream of attack campaigns that have grown ever bolder and more advanced. All five pleaded guilty to wire fraud, and one to aggravated identity theft, for a range of actions.

These aren’t the laptops you think they are

“For example, the facilitators provided their own, false, or stolen identities, and hosted US victim company-provided laptops at residences across the United States to create the false appearance that the IT workers were working domestically,” prosecutors said. “In total, these defendants’ fraudulent employment schemes impacted more than 136 U.S. victim companies, generated more than $2.2 million in revenue for the DPRK regime, and compromised the identities of more than 18 U.S. persons.”

Similar schemes have been reported previously.

Four of the men—Audricus Phagnasay, 24; Jason Salazar, 30; Alexander Paul Travis, 34; and Erick Ntekereze Prince, 30—pleaded guilty to one count of wire fraud.
Phagnasay, Salazar, and Travis each admitted they provided their US identities to applicants for IT jobs that the defendants knew were located outside the US. The workers used the fraudulent identities to skirt laws forbidding the employment. All four defendants also installed remote access software on laptops they operated at their residences. The arrangement gave the false appearance that the North Korean IT workers were working remotely from the defendants’ residences rather than abroad.
