Five people have pleaded guilty to helping North Korean citizens defraud American companies by posing as remote IT workers, according to an announcement from the U.S. Department of Justice.
The five individuals acted as facilitators who secured jobs for the North Koreans by providing their own real identities or by using false and stolen identities belonging to more than a dozen U.S. citizens. To create the illusion that the workers were based locally, the facilitators also hosted company-provided laptops in their homes across the United States. The Justice Department stated that this scheme impacted 136 U.S. companies and generated $2.2 million in revenue for the regime of Kim Jong Un.
These guilty pleas are part of a multi-year initiative by U.S. authorities to disrupt North Korea’s ability to generate income through cybercrime. For years, North Korea has infiltrated hundreds of Western companies by having its operatives pose as remote IT workers, as well as investors and recruiters. This is part of a broader scheme to fund the country’s internationally sanctioned nuclear weapons program. In response, the U.S. government has indicted individuals involved and imposed sanctions on international fraud networks.
A U.S. Attorney stated that these prosecutions demonstrate the United States will not allow North Korea to bankroll its weapons programs by preying on American companies and workers, vowing to continue uncovering such schemes and pursuing every individual who enables these operations.
Three of the guilty pleas are from U.S. nationals Audricus Phagnasay, Jason Salazar, and Alexander Paul Travis. Each pleaded guilty to one count of wire fraud conspiracy. Prosecutors said the three men helped North Koreans, whom they knew were working outside the United States, by using their own identities to get jobs. They helped the workers remotely access company laptops set up in their homes and assisted them in passing vetting procedures like drug tests. Travis, who was an active servicemember in the U.S. Army during the scheme, earned over $50,000. Phagnasay and Salazar were paid at least $3,500 and $4,500, respectively. Through this activity, U.S. companies paid approximately $1.28 million in salaries, most of which was sent overseas to the North Korean IT workers.
A fourth U.S. national, Erick Ntekereze Prince, also pleaded guilty. Prince operated a company named Taggcar that supplied allegedly certified IT workers to U.S. companies. He knew these workers were based outside the country and were using stolen or fake identities. Prince also hosted laptops with remote access software at several residences in Florida and earned more than $89,000 for his role.
A Ukrainian national, Oleksandr Didenko, pleaded guilty to one count of wire fraud conspiracy and one count of aggravated identity theft. Prosecutors accuse Didenko of stealing identities from U.S. citizens and selling them to North Koreans, who used them to get jobs at more than 40 U.S. companies. Didenko earned hundreds of thousands of dollars for this service and agreed to forfeit $1.4 million as part of his guilty plea.
In a related action, the Justice Department announced it had frozen and seized more than $15 million in cryptocurrency. These funds were stolen in 2023 by North Korean hackers from several crypto platforms. Crypto companies, exchanges, and blockchain projects have become prime targets for North Korean hackers, who stole more than $650 million in cryptocurrency in 2024 and over $2 billion so far this year.