The U.S. Division of Justice (DoJ) on Friday introduced that 5 people have pleaded responsible to helping North Korea’s illicit income era schemes by enabling info expertise (IT) employee fraud in violation of worldwide sanctions.
The 5 people are listed under –
- Audricus Phagnasay, 24
- Jason Salazar, 30
- Alexander Paul Travis, 34
- Oleksandr Didenko, 28, and
- Erick Ntekereze Prince, 30
Phagnasay, Salazar, and Travis pleaded responsible to 1 depend of wire fraud conspiracy for knowingly permitting IT employees situated exterior of the U.S. to make use of their U.S. identities between about September 2019 and November 2022 and safe jobs at American corporations.
The three defendants additionally served as facilitators, internet hosting the company-issued laptops at their residences and putting in distant desktop software program on these machines with out authorization in order that the IT employees may hook up with them and provides the impression that they had been working remotely inside the U.S.
Moreover, the trio is claimed to have aided the abroad IT employees in passing employer vetting procedures, with Salazar and Travis taking it to the following stage by showing for drug testing on behalf of them. Travis, then an active-duty member of the U.S. Military, acquired at the least $51,397 for his function within the fraudulent scheme. Phagnasay and Salazar are stated to have earned at the least $3,450 and $4,500, respectively.
Didenko, whose arrest was disclosed by the DoJ again in Could 2025, has pleaded responsible to wire fraud conspiracy and aggravated identification theft for stealing the identities of U.S. residents and promoting them to IT employees in order that they might land jobs at 40 U.S. corporations. Didenko has additionally agreed to forfeit greater than $1.4 million.
“Didenko ran an internet site utilizing a U.S.-based area, ‘Upworksell.com,’ designed to assist abroad IT employees purchase or hire stolen or borrowed identities,” the DoJ stated. “Starting in 2021, the IT employees used the identities to get employed on on-line freelance work platforms primarily based in California and Pennsylvania.”
The Ukrainian nationwide additionally paid people within the U.S. to obtain and host laptops, turning their houses into laptop computer farms for the IT employees. One such laptop computer farm was operated by Christina Marie Chapman in Arizona. Didenko’s website has since been seized. Chapman was sentenced to eight.5 years in jail in July 2025.
Didenko is estimated to have managed as many as 871 proxy identities and facilitated the operation of at the least three U.S.-based laptop computer farms. He additionally enabled his abroad shoppers to entry Cash Service Transmitters quite than having to bodily open an account at a U.S. financial institution to switch the employment revenue to international financial institution accounts.
Rounding off the listing is Prince, who has pleaded responsible to 1 depend of wire fraud conspiracy for allegedly working an organization known as Taggcar Inc. from roughly June 2020 by way of August 2024 to provide “licensed” IT employees to U.S. corporations and for working a laptop computer at his house in Florida. Prince earned greater than $89,000 for his involvement within the IT employee fraud.
It is value noting that Prince, together with Pedro Ernesto Alonso De Los Reyes, Emanuel Ashtor, and Jin Sung-Il (진성일), Pak Jin-Music (박진성), had been indicted earlier this January for allegedly permitting North Korean IT employees to acquire work at greater than 64 U.S. corporations.
The scheme netted greater than $943,069 in wage funds, most of which had been funneled again to the IT employees abroad. Ashtor is at the moment awaiting trial, and De Los Reyes is pending extradition from the Netherlands.
“In whole, these defendants’ fraudulent employment schemes impacted greater than 136 U.S. sufferer corporations, generated greater than $2.2 million in income for the [Democratic People’s Republic of Korea] regime, and compromised the identities of greater than 18 U.S. individuals,” the DoJ stated.
In a set of associated actions, the DoJ stated it has additionally filed two civil complaints to forfeit cryptocurrency valued at greater than $15 million that the U.S. Federal Bureau of Investigation (FBI) seized in March 2025 from APT38 (aka BlueNoroff) actors. The digital property, the complaints allege, had been illegally obtained by way of hacks at abroad digital foreign money platforms –
- Theft of roughly $37 million from an Estonia-based digital foreign money funds processor in July 2023
- Theft of roughly $100 million from a Panama-based digital foreign money cost processor in July 2023
- Theft of roughly $138 million from a Panama-based digital foreign money trade in November 2023, and
- Theft of roughly $107 million in digital foreign money from a Seychelles-based digital foreign money trade in November 2023
“Efforts to hint, seize, and forfeit associated stolen digital foreign money stay ongoing, because the APT38 actors proceed to launder such funds by way of numerous digital foreign money bridges, mixers, exchanges, and over-the-counter merchants,” the division added.
The brand new spherical of responsible pleas is the newest effort on the a part of the U.S. authorities to fight and disrupt North Korea’s IT employee and hacking schemes, which have been used to fund the regime’s priorities. For a number of years, North Korea has efficiently infiltrated a whole bunch of Western corporations and elsewhere, posing as distant IT employees to attract regular salaries and use them to fund its nuclear weapons program.
A few weeks in the past, the U.S. Treasury Division levied sanctions in opposition to eight people and two entities inside North Korea’s international monetary community for laundering cash for numerous illicit schemes, together with cybercrime and data expertise (IT) employee fraud.
