Five individuals have pleaded guilty to assisting North Koreans in defrauding U.S. companies by pretending to be remote IT workers, as announced by the U.S. Department of Justice on Friday.
These five acted as “facilitators,” helping North Koreans secure jobs by using their real names or the false and stolen identities of over a dozen U.S. citizens. They also hosted company-provided laptops at their homes across the U.S. to create the illusion that the North Korean workers were local residents, according to the DOJ press release.
This operation impacted 136 U.S. companies and provided Kim Jong Un’s regime with $2.2 million in revenue, the DOJ stated.
The recent guilty pleas are part of a long-term initiative by U.S. authorities to combat North Korea’s ability to profit from cybercrime. For years, North Korea has managed to infiltrate numerous Western companies as remote IT workers, along with acting as investors and recruiters, to fund its internationally sanctioned nuclear weapons program. Recently, the U.S. government has responded by indicting individuals linked to this scheme and imposing sanctions on international fraud networks.
“These prosecutions make one point clear: The United States will not allow [North Korea] to finance its weapons programs by exploiting American companies and workers,” U.S. Attorney Jason A. Reding Quiñones stated in a press release. “We will continue collaborating with our partners across the Justice Department to expose these schemes, reclaim stolen funds, and pursue anyone who supports North Korea’s operations.”
Three of the individuals—U.S. citizens Audricus Phagnasay, Jason Salazar, and Alexander Paul Travis—each pleaded guilty to one count of wire fraud conspiracy.
Prosecutors claim that these three helped North Koreans, who were masquerading as legitimate IT workers living outside the U.S., to use their identities to gain employment. They assisted the North Koreans in remotely accessing company-issued laptops set up in their homes and helped them navigate vetting processes, such as drug tests.
Travis, who was reportedly an active-duty member of the U.S. Army during the scheme, earned over $50,000 for his involvement, while Phagnasay and Salazar received at least $3,500 and $4,500, respectively. U.S. companies paid approximately $1.28 million in salaries as part of this scheme, with most funds directed to the North Korean IT workers overseas, according to the DOJ.
The fourth U.S. citizen who pleaded guilty is Erick Ntekereze Prince, who operated a company named Taggcar, offering allegedly “certified” IT workers to U.S. companies. He was aware that these workers were based outside the country and using stolen or fake identities. Prince is said to have hosted laptops with remote access software at various locations in Florida, earning over $89,000 from his activities, the DOJ reported.
Another participant in the scheme, Ukrainian national Oleksandr Didenko, pleaded guilty to one count of wire fraud conspiracy and an additional count of aggravated identity theft. Prosecutors allege that Didenko stole U.S. citizens’ identities and sold them to North Koreans to facilitate jobs at more than 40 U.S. companies.
According to the press release, Didenko earned hundreds of thousands of dollars for his services and agreed to forfeit $1.4 million as part of his guilty plea.
The DOJ also revealed that it has frozen and seized over $15 million in cryptocurrency stolen in 2023 by North Korean hackers from various crypto platforms.
Crypto companies, exchanges, and blockchain projects have become prime targets for North Korean hackers, who reportedly stole more than $650 million in cryptocurrency in 2024 and over $2 billion so far this year.
