The U.S. Division of Justice (DoJ) on Friday introduced that 5 people have pleaded responsible to helping North Korea’s illicit income technology schemes by enabling info expertise (IT) employee fraud in violation of worldwide sanctions.
The 5 people are listed under –
- Audricus Phagnasay, 24
- Jason Salazar, 30
- Alexander Paul Travis, 34
- Oleksandr Didenko, 28, and
- Erick Ntekereze Prince, 30
Phagnasay, Salazar, and Travis pleaded responsible to at least one rely of wire fraud conspiracy for knowingly permitting IT employees positioned outdoors of the U.S. to make use of their U.S. identities between about September 2019 and November 2022 and safe jobs at American corporations.
The three defendants additionally served as facilitators, internet hosting the company-issued laptops at their residences and putting in distant desktop software program on these machines with out authorization in order that the IT employees may connect with them and provides the impression that they have been working remotely throughout the U.S.
Moreover, the trio is claimed to have aided the abroad IT employees in passing employer vetting procedures, with Salazar and Travis taking it to the subsequent stage by showing for drug testing on behalf of them. Travis, then an active-duty member of the U.S. Military, acquired not less than $51,397 for his function within the fraudulent scheme. Phagnasay and Salazar are stated to have earned not less than $3,450 and $4,500, respectively.
Didenko, whose arrest was disclosed by the DoJ again in Could 2025, has pleaded responsible to wire fraud conspiracy and aggravated identification theft for stealing the identities of U.S. residents and promoting them to IT employees in order that they may land jobs at 40 U.S. corporations. Didenko has additionally agreed to forfeit greater than $1.4 million.
“Didenko ran a web site utilizing a U.S.-based area, ‘Upworksell.com,’ designed to assist abroad IT employees purchase or hire stolen or borrowed identities,” the DoJ stated. “Starting in 2021, the IT employees used the identities to get employed on on-line freelance work platforms based mostly in California and Pennsylvania.”
The Ukrainian nationwide additionally paid people within the U.S. to obtain and host laptops, turning their properties into laptop computer farms for the IT employees. One such laptop computer farm was operated by Christina Marie Chapman in Arizona. Didenko’s web site has since been seized. Chapman was sentenced to eight.5 years in jail in July 2025.
Didenko is estimated to have managed as many as 871 proxy identities and facilitated the operation of not less than three U.S.-based laptop computer farms. He additionally enabled his abroad shoppers to entry Cash Service Transmitters quite than having to bodily open an account at a U.S. financial institution to switch the employment earnings to overseas financial institution accounts.
Rounding off the record is Prince, who has pleaded responsible to at least one rely of wire fraud conspiracy for allegedly working an organization referred to as Taggcar Inc. from roughly June 2020 via August 2024 to produce “licensed” IT employees to U.S. corporations and for working a laptop computer at his dwelling in Florida. Prince earned greater than $89,000 for his involvement within the IT employee fraud.
It is price noting that Prince, together with Pedro Ernesto Alonso De Los Reyes, Emanuel Ashtor, and Jin Sung-Il (진성일), Pak Jin-Music (박진성), have been indicted earlier this January for allegedly permitting North Korean IT employees to acquire work at greater than 64 U.S. corporations.
The scheme netted greater than $943,069 in wage funds, most of which have been funneled again to the IT employees abroad. Ashtor is at the moment awaiting trial, and De Los Reyes is pending extradition from the Netherlands.
“In complete, these defendants’ fraudulent employment schemes impacted greater than 136 U.S. sufferer corporations, generated greater than $2.2 million in income for the [Democratic People’s Republic of Korea] regime, and compromised the identities of greater than 18 U.S. individuals,” the DoJ stated.
In a set of associated actions, the DoJ stated it has additionally filed two civil complaints to forfeit cryptocurrency valued at greater than $15 million that the U.S. Federal Bureau of Investigation (FBI) seized in March 2025 from APT38 (aka BlueNoroff) actors. The digital belongings, the complaints allege, have been illegally obtained via hacks at abroad digital forex platforms –
- Theft of roughly $37 million from an Estonia-based digital forex funds processor in July 2023
- Theft of roughly $100 million from a Panama-based digital forex cost processor in July 2023
- Theft of roughly $138 million from a Panama-based digital forex alternate in November 2023, and
- Theft of roughly $107 million in digital forex from a Seychelles-based digital forex alternate in November 2023
“Efforts to hint, seize, and forfeit associated stolen digital forex stay ongoing, because the APT38 actors proceed to launder such funds via varied digital forex bridges, mixers, exchanges, and over-the-counter merchants,” the division added.
The brand new spherical of responsible pleas is the most recent effort on the a part of the U.S. authorities to fight and disrupt North Korea’s IT employee and hacking schemes, which have been used to fund the regime’s priorities. For a number of years, North Korea has efficiently infiltrated a whole lot of Western corporations and elsewhere, posing as distant IT employees to attract regular salaries and use them to fund its nuclear weapons program.
A few weeks in the past, the U.S. Treasury Division levied sanctions towards eight people and two entities inside North Korea’s international monetary community for laundering cash for varied illicit schemes, together with cybercrime and data expertise (IT) employee fraud.
