The U.S. Division of Justice (DoJ) on Friday introduced that 5 people have pleaded responsible to aiding North Korea’s illicit income technology schemes by enabling info expertise (IT) employee fraud in violation of worldwide sanctions.
The 5 people are listed under –
- Audricus Phagnasay, 24
- Jason Salazar, 30
- Alexander Paul Travis, 34
- Oleksandr Didenko, 28, and
- Erick Ntekereze Prince, 30
Phagnasay, Salazar, and Travis pleaded responsible to at least one rely of wire fraud conspiracy for knowingly permitting IT staff situated outdoors of the U.S. to make use of their U.S. identities between about September 2019 and November 2022 and safe jobs at American companies.
The three defendants additionally served as facilitators, internet hosting the company-issued laptops at their residences and putting in distant desktop software program on these machines with out authorization in order that the IT staff may connect with them and provides the impression that they had been working remotely inside the U.S.
Moreover, the trio is claimed to have aided the abroad IT staff in passing employer vetting procedures, with Salazar and Travis taking it to the following stage by showing for drug testing on behalf of them. Travis, then an active-duty member of the U.S. Military, acquired a minimum of $51,397 for his function within the fraudulent scheme. Phagnasay and Salazar are stated to have earned a minimum of $3,450 and $4,500, respectively.
Didenko, whose arrest was disclosed by the DoJ again in Might 2025, has pleaded responsible to wire fraud conspiracy and aggravated id theft for stealing the identities of U.S. residents and promoting them to IT staff in order that they might land jobs at 40 U.S. firms. Didenko has additionally agreed to forfeit greater than $1.4 million.
“Didenko ran an internet site utilizing a U.S.-based area, ‘Upworksell.com,’ designed to assist abroad IT staff purchase or lease stolen or borrowed identities,” the DoJ stated. “Starting in 2021, the IT staff used the identities to get employed on on-line freelance work platforms based mostly in California and Pennsylvania.”
The Ukrainian nationwide additionally paid people within the U.S. to obtain and host laptops, turning their properties into laptop computer farms for the IT staff. One such laptop computer farm was operated by Christina Marie Chapman in Arizona. Didenko’s web site has since been seized. Chapman was sentenced to eight.5 years in jail in July 2025.
Didenko is estimated to have managed as many as 871 proxy identities and facilitated the operation of a minimum of three U.S.-based laptop computer farms. He additionally enabled his abroad shoppers to entry Cash Service Transmitters reasonably than having to bodily open an account at a U.S. financial institution to switch the employment earnings to international financial institution accounts.
Rounding off the record is Prince, who has pleaded responsible to at least one rely of wire fraud conspiracy for allegedly working an organization known as Taggcar Inc. from roughly June 2020 via August 2024 to provide “licensed” IT staff to U.S. firms and for operating a laptop computer at his dwelling in Florida. Prince earned greater than $89,000 for his involvement within the IT employee fraud.
It is price noting that Prince, together with Pedro Ernesto Alonso De Los Reyes, Emanuel Ashtor, and Jin Sung-Il (진성일), Pak Jin-Music (박진성), had been indicted earlier this January for allegedly permitting North Korean IT staff to acquire work at greater than 64 U.S. firms.
The scheme netted greater than $943,069 in wage funds, most of which had been funneled again to the IT staff abroad. Ashtor is at present awaiting trial, and De Los Reyes is pending extradition from the Netherlands.
“In whole, these defendants’ fraudulent employment schemes impacted greater than 136 U.S. sufferer firms, generated greater than $2.2 million in income for the [Democratic People’s Republic of Korea] regime, and compromised the identities of greater than 18 U.S. individuals,” the DoJ stated.
In a set of associated actions, the DoJ stated it has additionally filed two civil complaints to forfeit cryptocurrency valued at greater than $15 million that the U.S. Federal Bureau of Investigation (FBI) seized in March 2025 from APT38 (aka BlueNoroff) actors. The digital belongings, the complaints allege, had been illegally obtained via hacks at abroad digital forex platforms –
- Theft of roughly $37 million from an Estonia-based digital forex funds processor in July 2023
- Theft of roughly $100 million from a Panama-based digital forex fee processor in July 2023
- Theft of roughly $138 million from a Panama-based digital forex change in November 2023, and
- Theft of roughly $107 million in digital forex from a Seychelles-based digital forex change in November 2023
“Efforts to hint, seize, and forfeit associated stolen digital forex stay ongoing, because the APT38 actors proceed to launder such funds via varied digital forex bridges, mixers, exchanges, and over-the-counter merchants,” the division added.
The brand new spherical of responsible pleas is the most recent effort on the a part of the U.S. authorities to fight and disrupt North Korea’s IT employee and hacking schemes, which have been used to fund the regime’s priorities. For a number of years, North Korea has efficiently infiltrated a whole lot of Western firms and elsewhere, posing as distant IT staff to attract regular salaries and use them to fund its nuclear weapons program.
A few weeks in the past, the U.S. Treasury Division levied sanctions towards eight people and two entities inside North Korea’s international monetary community for laundering cash for varied illicit schemes, together with cybercrime and knowledge expertise (IT) employee fraud.
