Each defendant also assisted IT workers in completing the employer's vetting procedures. Travis and Salazar, for example, showed up for drug testing on behalf of the workers.
Travis, then an active duty member of the U.S. Army, received at least $51,397 for his participation in the scheme. Fagnasey and Salazar earned at least $3,450 and $4,500, respectively. Overall, the fraudulent jobs generated approximately $1.28 million in wages from defrauded U.S. companies, the vast majority of which were sent to IT workers overseas.
The fifth defendant, Ukrainian national Alexander Didenko, pleaded guilty to one count of aggravated identity theft and wire fraud. He admitted to participating in a “multi-year scheme that stole the personal information of U.S. citizens and sold it to foreign IT workers, including North Korean IT workers, so they could fraudulently obtain jobs at 40 American companies.” Didenko received hundreds of thousands of dollars from the victim companies that hired the scammers. As part of the plea agreement, Didenko forfeits more than $1.4 million, including more than $570,000 in fiat and virtual currency confiscated from him and his co-conspirators.
In 2022, the US Treasury said that the Democratic People's Republic of Korea employs thousands of skilled IT professionals around the world to generate revenue for the country's weapons of mass destruction and ballistic missile programs.
“In many cases, DPRK IT professionals represent themselves as remote workers from the United States and/or other countries,” Treasury officials wrote. “Workers can further conceal their identity and/or location by subcontracting work to non-North Koreans. Although DPRK IT workers typically engage in IT work other than malicious cyber activity, they have used the privileged access gained as contractors to facilitate malicious DPRK cyber intrusions. In addition, there are likely instances of workers being subjected to forced labor.”
Other US government recommendations issued in 2023 and 2024 regarding similar programs were removed without explanation.
In Friday's announcement, the Justice Department also said it is seeking the forfeiture of more than $15 million worth of USDT, a cryptocurrency stablecoin pegged to the U.S. dollar that the FBI seized in March from North APT38 entities. The funds seized were the result of four APT38 heists: two in July 2023 against virtual currency payment processors in Estonia and Panama, and two in November 2023 against exchanges in Panama and the Seychelles.
The DOJ's efforts to locate, seize and forfeit all stolen assets continue as APT38 launders them through virtual currency bridges, mixers, exchanges and over-the-counter traders, the DOJ said.
