The U.S. Department of Justice (DOJ) revealed on Friday that five individuals have admitted to assisting North Koreans in scamming American businesses by pretending to be remote IT employees.
These individuals acted as "facilitators," allegedly helping North Koreans secure employment by using either their own legitimate identities or the stolen and fabricated identities of over a dozen U.S. citizens. The DOJ stated that the facilitators also kept company-issued laptops in their homes throughout the United States, creating the illusion that the North Korean workers were based locally.
The DOJ reported that these activities impacted 136 American companies and generated $2.2 million in revenue for Kim Jong Un’s government.
This recent series of guilty pleas is part of a broader, ongoing initiative by U.S. officials to hinder North Korea’s ability to profit from cybercrime. North Korea has, for years, infiltrated hundreds of Western organizations by masquerading as remote IT professionals, investors, and recruiters, all as part of a strategy to finance its internationally sanctioned nuclear weapons initiatives. In response, the U.S. government has prosecuted those involved and imposed sanctions on global fraud operations.
“These cases send a clear message: the United States will not allow [North Korea] to fund its weapons programs by exploiting American businesses and employees,” said U.S. Attorney Jason A. Reding Quiñones in a statement. “We will continue collaborating with our Justice Department partners to expose these operations, recover stolen assets, and pursue anyone supporting North Korea’s activities.”
Three of the defendants — U.S. citizens Audricus Phagnasay, Jason Salazar, and Alexander Paul Travis — each admitted guilt to a single charge of conspiracy to commit wire fraud.
Prosecutors allege that these three assisted North Koreans, whom they knew were working from outside the U.S., in obtaining jobs by using their own identities, granting remote access to company laptops located in their homes, and helping the North Koreans pass background checks, including drug screenings.
According to prosecutors, Travis, who was serving in the U.S. Army at the time, received over $50,000 for his involvement, while Phagnasay and Salazar were paid at least $3,500 and $4,500, respectively. The scheme resulted in U.S. companies paying approximately $1.28 million in wages, most of which was transferred to North Korean IT workers abroad, as reported by the DOJ.
The fourth American defendant, Erick Ntekereze Prince, operated a business called Taggcar, which provided U.S. firms with supposedly “certified” IT professionals, despite knowing they were working from outside the country and using fraudulent or stolen identities. The DOJ noted that Prince also set up laptops with remote access software at multiple Florida locations and earned over $89,000 for his role.
Another individual involved, Ukrainian national Oleksandr Didenko, pleaded guilty to one count of wire fraud conspiracy and one count of aggravated identity theft. Prosecutors claim he stole the identities of U.S. citizens and sold them to North Koreans, enabling them to secure jobs at more than 40 American companies.
The press release states that Didenko made several hundred thousand dollars from these activities. As part of his plea agreement, he will forfeit $1.4 million.
The DOJ further announced that it had frozen and confiscated over $15 million in cryptocurrency that North Korean hackers stole from various crypto platforms in 2023.
Cryptocurrency businesses, exchanges, and blockchain ventures have become prime targets for North Korean cybercriminals, who stole more than $650 million in digital assets in 2024 alone, and have accumulated over $2 billion to date this year.
