Five people have pleaded guilty to helping North Koreans defraud US companies by posing as remote IT workers, according to the US Department of Justice (DOJ). announced on Friday.
The five individuals are accused of working as “facilitators” who helped North Koreans find work by providing their own real IDs or fake and stolen IDs of more than a dozen US citizens. The mediators also hosted company-provided laptops in their U.S. homes to make it appear that the North Korean workers were living in the area, according to the DOJ press release.
Those actions affected 136 U.S. companies and generated $2.2 million in revenue for Kim Jong Un’s regime, the Justice Department said.
The latest round of guilty pleas is part of a long-running effort by US authorities to disrupt North Korea’s ability to make money from cybercrime. For years, North Korea has successfully infiltrated hundreds of Western companies posing as remote IT workers—as well as investors and recruiters—as part of a scheme to finance its internationally sanctioned nuclear weapons program. In recent years, the US government has retaliated, indicting individuals involved in the scheme and imposing sanctions on international fraud networks.
“These prosecutions make one point clear: the United States will not allow this [North Korea] to fund its weapons programs by preying on American companies and workers,” U.S. Attorney Jason A. Reding Quiñones said in a press release. “We will continue to work with our partners across the Department of Justice to uncover these schemes, recover stolen funds, and pursue any individual who enables North Korean operations.”
Three of the people – US citizens Audricus Phagnasay, Jason Salazar and Alexander Paul Travis – each pleaded guilty to one count of wire fraud conspiracy.
Prosecutors accused the three of helping North Koreans posing as legitimate IT workers they knew were working outside the United States use their own identities to find work, helping them remotely access their company-issued laptops installed in their homes and also helping the North Koreans pass vetting procedures, such as drug testing.
Techcrunch event
San Francisco
|
13-15 October 2026
Travis, who prosecutors said was an active-duty member of the U.S. military at the time of the scheme, earned more than $50,000 for those actions, while Phagnasay and Salazar were paid at least $3,500 and $4,500, respectively. US companies pay about $1.28 million in wages, most of which was sent to North Korean IT workers abroad, according to the State Department, according to the Justice Department.
The fourth US citizen to plead guilty is Erick Ntekere Prince, who ran a company called Taggcar that supplied US companies with what they claimed were “certified” IT workers, but whom he knew were working outside the country and using stolen or fake identities. Prince also hosted laptops with remote access software at various residences in Florida and earned more than $89,000 for his work, the DOJ said.
Another participant in the scheme who pleaded guilty to wire fraud conspiracy and another count of identity theft is Ukrainian national Oleksandr Didenko, who prosecutors accuse of stealing the identities of American citizens and selling them to North Koreans to get jobs at more than 40 American companies.
According to the press release, Didenko earned hundreds of thousands of dollars for this service. Didenko agreed to forfeit $1.4 million as part of his guilty plea.
The Department of Justice also announced that it had frozen and seized more than $15 million in cryptocurrency stolen in 2023 by North Korean hackers from various crypto platforms.
Crypto companies, exchanges and blockchain projects have become a favorite target for North Korean hackers, who stole more than $650 million in crypto in 2024 and more than $2 billion so far this year.
