Five People Plead Guilty to Helping North Koreans Infiltrate U.S. Companies as Remote IT Workers

Five people have pleaded guilty to helping North Korean nationals infiltrate U.S. companies by posing as remote IT workers, according to the U.S. Department of Justice (DOJ).

The DOJ said the individuals acted as “facilitators,” helping North Koreans fraudulently secure employment by providing their own legitimate identities — or by using false and stolen identities of more than a dozen U.S. citizens. They also hosted company-issued laptops in their homes across the country to make it appear as though the North Korean workers were based in the U.S.

Authorities said the scheme targeted 136 U.S. companies and generated $2.2 million for Kim Jong Un’s regime.

A Long-Running Cybercrime Operation

The guilty pleas mark the latest step in the U.S. government’s ongoing campaign to dismantle North Korea’s global cybercrime and fraud networks.

For years, North Korean operatives have infiltrated Western companies — often posing as remote IT workers, investors, or recruiters — as part of a broader strategy to fund the country’s internationally sanctioned nuclear weapons program.

In response, U.S. law enforcement has ramped up enforcement actions, issuing indictments and imposing sanctions on international fraud rings linked to Pyongyang.

“These prosecutions make one point clear: the United States will not permit [North Korea] to bankroll its weapons programs by preying on American companies and workers,” said U.S. Attorney Jason A. Reding Quiñones. “We will continue to uncover these schemes, recover stolen funds, and pursue every individual who enables North Korea’s operations.”

Who Was Involved

Three of the defendants — Audricus Phagnasay, Jason Salazar, and Alexander Paul Travis — all U.S. nationals, each pleaded guilty to one count of wire fraud conspiracy.

Prosecutors said the trio helped North Koreans pretending to be legitimate IT professionals — fully aware they were located outside the U.S. — to bypass background checks, pass drug tests, and remotely access company laptops that appeared to be operating from within the U.S.

• Travis, an active-duty member of the U.S. Army during the scheme, earned over $50,000.
• Phagnasay and Salazar received at least $3,500 and $4,500, respectively.

According to the DOJ, the U.S. companies involved paid roughly $1.28 million in total salaries, most of which was funnelled back to the North Korean operatives overseas.

The Facilitators and Identity Brokers

A fourth defendant, Erick Ntekereze Prince, ran a company called Taggcar, which provided U.S. businesses with supposedly “certified” IT workers. Prince allegedly knew the individuals were working abroad and using stolen or fake identities.

He also hosted multiple laptops with remote-access software at various homes in Florida, earning over $89,000 for his role in the scheme, according to prosecutors.

The fifth defendant, Ukrainian national Oleksandr Didenko, pleaded guilty to one count of wire fraud conspiracy and one count of aggravated identity theft. Didenko was accused of stealing and selling U.S. citizens’ identities to North Koreans so they could obtain IT jobs at more than 40 American companies.

Prosecutors said Didenko earned hundreds of thousands of dollars and agreed to forfeit $1.4 million as part of his plea deal.

Crypto Crackdown and Broader Implications

The DOJ also announced it had frozen and seized over $15 million in cryptocurrency stolen in 2023 by North Korean hackers targeting multiple crypto platforms.

Crypto theft remains one of North Korea’s most profitable cyber tactics. According to U.S. officials, hackers linked to the regime have stolen more than $650 million in cryptocurrency in 202, and over $2 billion so far this year.

The DOJ said such operations underscore the global scale and financial sophistication of North Korea’s cyber programs — and reaffirm the need for international cooperation to counter them.