US soldier sentenced for helping North Korean IT workers
Summary
A U.S. District Court sentenced three men who allowed North Korean IT workers to use their identities to gain employment at U.S. companies. One defendant, Specialist Alexander Paul Travis, an active-duty soldier stationed at Fort Gordon, admitted he provided his identity for resumes, vetting steps (interviews, drug tests, fingerprints), and bank accounts so North Korean operatives could be paid. Travis also installed remote-access software on laptops he received from companies that believed they were hiring him.
Travis received $51,397 for his role. He was sentenced to one year in prison and three years of supervised release, and was ordered to forfeit $193,265. Two co-defendants, Jason Salazar and Audricus Phagnasay, pleaded guilty alongside him to wire fraud conspiracy; they received probation and forfeiture orders. Prosecutors say the broader scheme netted North Korean IT workers about $1.3 million in salary payments.
Key Points
- Three men pleaded guilty to a wire fraud conspiracy that let North Korean IT workers pose as U.S. hires.
- Alexander Paul Travis, an active-duty soldier, allowed his identity to be used from 2019 to 2022 and installed remote-access software on employer laptops.
- Travis was paid $51,397, sentenced to one year in prison and three years of supervised release, and ordered to forfeit $193,265.
- Co-defendants Jason Salazar and Audricus Phagnasay received probation and forfeiture orders; their names were used to earn hundreds of thousands for the scheme.
- Prosecutors estimate the scheme generated roughly $1.3 million in salary payments to North Korean operators.
- Researchers from Flare and IBM recovered internal materials revealing the organised structure and elite status of participating North Korean IT workers.
- Recruitment and collaborator sourcing often occur via LinkedIn and GitHub; some collaborators provide identities willingly, others unwillingly.
Content Summary
The court found that the defendants supplied their personal details to enable North Korean IT workers to pass employer screening and receive pay. Companies unknowingly provided laptops and employment credentials; the defendants installed or allowed software enabling remote access. Following guilty pleas, the sentences vary: Travis received prison time and forfeiture, while the two civilian co-defendants received probation and forfeiture. Authorities underline the national security implications of the operation and point to ongoing investigations and disruptions of similar North Korean laptop farms.
Researchers have exposed the operation’s internal hierarchy: participants are often well-educated and treated as elite assets by the North Korean state. The campaign relies on both technical infiltration and social recruitment channels in the U.S. and Europe.
Context and Relevance
This case is part of a wider, multi-year law-enforcement effort to dismantle a North Korean programme that places IT personnel abroad to generate illicit revenue. It illustrates how nation-state-linked cyber operations can exploit legitimate hiring platforms and the identities of third parties to bypass controls.
For readers interested in cybersecurity, defence, hiring fraud, or sanctions enforcement, the case shows the human and organisational vectors attackers use, not just malware or network intrusion. It also highlights the role of open platforms (LinkedIn, GitHub) in facilitating recruitment or identity misuse and the complexity of proving and prosecuting such schemes.
Why should I read this?
Look — this isn’t just another court story. It shows how a state-backed criminal pipeline used real people’s identities to slip into U.S. firms and funnel money back to Pyongyang. If you work in hiring, security, or supply-chain risk, the details here are directly relevant: vetting, device control and identity abuse are the weak links. We’ve done the legwork so you can spot the red flags faster.
Source
Source: https://therecord.media/us-soldier-sentencer-for-helping-nk-it-workers
