Five people have pleaded guilty to helping North Koreans defraud U.S. companies by posing as remote IT workers, the U.S. Department of Justice (DOJ) announced on Friday.
The five people are accused of working as “facilitators” who helped North Koreans get jobs by providing their own real identities, or false and stolen identities of more than a dozen U.S. nationals. The facilitators also hosted company-provided laptops in their homes across the U.S. to make it look like the North Korean workers lived locally, according to the DOJ press release.
These actions affected 136 U.S. companies and netted Kim Jong Un’s regime $2.2 million in revenue, said the DOJ.
The latest round of guilty pleas is part of a years-long effort by American authorities to disrupt North Korea’s ability to make money from cybercrime. For years, North Korea has successfully infiltrated hundreds of Western companies posing as remote IT workers — as well as investors and recruiters — as part of a scheme to fund its internationally sanctioned nuclear weapons program. In recent years, the U.S. government has fought back, indicting people involved in the scheme, and imposing sanctions on international fraud networks.
“These prosecutions make one point clear: the United States will not permit [North Korea] to bankroll its weapons programs by preying on American companies and workers,” U.S. Attorney Jason A. Reding Quiñones said in a press release. “We will keep working with our partners across the Justice Department to uncover these schemes, recover stolen funds, and pursue every individual who enables North Korea’s operations.”
Three of the people — U.S. nationals Audricus Phagnasay, Jason Salazar, and Alexander Paul Travis — each pleaded guilty to one count of wire fraud conspiracy.
Prosecutors accused the three of helping North Koreans posing as legitimate IT workers, whom they knew worked outside of the United States, to use their own identities to obtain employment, helped them remotely access their company-issued laptops set up in their homes, and also helped the North Koreans pass vetting procedures, such as drug tests.
Techcrunch event
San Francisco
|
October 13-15, 2026
Travis, who prosecutors said was an active servicemember of the U.S. Army at the time of the scheme, earned more than $50,000 for these actions, while Phagnasay and Salazar were paid at least $3,500 and $4,500, respectively. The scheme saw U.S. companies pay around $1.28 million in salaries, most of which was sent to the North Korean IT workers overseas, per the DOJ.
The fourth U.S. national who pleaded guilty is Erick Ntekereze Prince, who ran a company called Taggcar, which supplied to U.S. companies allegedly “certified” IT workers but whom he knew worked outside of the country and were using stolen or fake identities. Prince also hosted laptops with remote access software at several residences in Florida, and earned more than $89,000 for his work, the DOJ said.
Another participant in the scheme who pleaded guilty to one count of wire fraud conspiracy and another count of aggravated identity theft is Ukrainian national Oleksandr Didenko, who prosecutors accuse of stealing U.S. citizens’ identities and selling them to North Koreans so they could get jobs at more than 40 U.S. companies.
According to the press release, Didenko earned hundreds of thousands of dollars for this service. Didenko agreed to forfeit $1.4 million as part of his guilty plea.
The DOJ also announced that it had frozen and seized more than $15 million in cryptocurrency stolen in 2023 by North Korean hackers from several crypto platforms.
Crypto companies, exchanges, and blockchain projects, have become one of the favorite targets for North Korean hackers, who stole more than $650 million in crypto in 2024, and more than $2 billion so far this year.
