North Korea IT Workers: Five Plead Guilty to US Company Infiltration

North Korean IT Worker Fraud: Five Plead Guilty to Facilitating Scheme

The U.S. Department of Justice (DOJ) revealed on Friday that five individuals have admitted guilt for their involvement in assisting North Korean operatives in defrauding U.S. businesses. These individuals misrepresented themselves as remote IT professionals.

Role of the Facilitators

The five are accused of functioning as “facilitators,” actively aiding North Koreans in securing employment. This was achieved through the provision of genuine personal identities, or alternatively, through the utilization of falsified or stolen identities belonging to over a dozen U.S. citizens.

Furthermore, these facilitators provided lodging for company-issued laptops within their U.S. residences. This practice was implemented to create the illusion that the North Korean workers were physically located within the country, as detailed in the DOJ’s official statement.

Financial Impact and Ongoing Efforts

The DOJ stated that these actions impacted a total of 136 U.S. companies, generating $2.2 million in revenue for the Kim Jong Un regime.

This recent development represents a continuation of a sustained, multi-year initiative by U.S. authorities to dismantle North Korea’s capacity to generate funds through illicit cyber activities. For a considerable period, North Korea has successfully infiltrated numerous Western organizations.

Scheme Details and Government Response

North Korean actors have posed as remote IT workers, investors, and recruiters in a scheme designed to finance its internationally sanctioned nuclear weapons program. In response, the U.S. government has intensified its efforts, issuing indictments against those involved and imposing sanctions on international fraud networks.

“These prosecutions unequivocally demonstrate that the United States will not allow [North Korea] to fund its weapons programs by exploiting American companies and workers,” declared U.S. Attorney Jason A. Reding Quiñones in a press release. “Our commitment to uncovering these schemes, recovering stolen funds, and prosecuting all those who enable North Korea’s operations remains steadfast.”

Guilty Pleas and Individual Involvement

Three U.S. nationals – Audricus Phagnasay, Jason Salazar, and Alexander Paul Travis – each pleaded guilty to a single count of wire fraud conspiracy.

Prosecutors allege that these three individuals assisted North Koreans in assuming the roles of legitimate IT workers. They knowingly provided their own identities to facilitate employment for individuals working outside the United States.

They also enabled remote access to company-issued laptops housed in their homes and assisted the North Korean workers in navigating vetting procedures, including drug screenings.

Travis, identified as an active member of the U.S. Army during the scheme, reportedly earned over $50,000. Phagnasay and Salazar received at least $3,500 and $4,500, respectively. Approximately $1.28 million in salaries was disbursed by U.S. companies, with the majority being sent to the North Korean IT workers abroad.

Additional Participants and Charges

Erick Ntekereze Prince, a U.S. national and operator of Taggcar, also pleaded guilty. His company purportedly supplied U.S. businesses with “certified” IT workers, despite knowing they were located outside the country and using fraudulent identities.

Prince hosted laptops equipped with remote access software at multiple locations in Florida, earning over $89,000 for his involvement.

Oleksandr Didenko, a Ukrainian national, pleaded guilty to one count of wire fraud conspiracy and one count of aggravated identity theft. He is accused of stealing the identities of U.S. citizens and selling them to North Koreans to secure employment at over 40 U.S. companies.

Didenko reportedly earned hundreds of thousands of dollars from this activity and has agreed to forfeit $1.4 million as part of his plea agreement.

Cryptocurrency Seizures

The DOJ further announced the freezing and seizure of over $15 million in cryptocurrency stolen in 2023 by North Korean hackers from various crypto platforms.

Cryptocurrency platforms, exchanges, and blockchain projects have become primary targets for North Korean hackers. They have stolen more than $650 million in crypto in 2024, and exceeding $2 billion to date this year.