Five people plead guilty to helping North Koreans infiltrate US companies as ‘remote IT workers’

In a significant development, five individuals have confessed to their involvement in a scheme that allowed North Koreans to defraud U.S. businesses by masquerading as remote IT workers. This announcement was made by the U.S. Department of Justice on Friday. These individuals acted as 'facilitators,' aiding North Koreans in securing jobs by either using their own real identities or employing false identities belonging to over a dozen U.S. citizens. To further this deception, they hosted company-issued laptops in their homes across the United States, creating the illusion that these North Korean workers were based locally. The ramifications of their actions impacted 136 American companies, generating approximately $2.2 million in revenue for Kim Jong Un’s regime, according to the DOJ. This recent round of guilty pleas is part of a prolonged initiative by U.S. authorities aimed at dismantling North Korea's cybercrime operations. For several years, North Korea has infiltrated numerous Western firms, posing as remote IT workers, investors, and recruiters, all to fund its internationally condemned nuclear weapons program. In response, the U.S. government has ramped up efforts, issuing indictments against individuals involved in these fraudulent activities and enforcing sanctions on global fraud networks. U.S. Attorney Jason A. Reding Quiñones emphasized the seriousness of these prosecutions, stating, "The United States will not allow [North Korea] to finance its weapons programs by exploiting American companies and workers. We will continue to collaborate with our partners at the Justice Department to expose these schemes, recover stolen funds, and pursue every individual who supports North Korea’s operations." Among those who pleaded guilty are U.S. nationals Audricus Phagnasay, Jason Salazar, and Alexander Paul Travis, all of whom admitted to one count of wire fraud conspiracy. Prosecutors allege that they assisted North Koreans—whom they knew were operating from outside the U.S.—in using their identities to gain employment, facilitated remote access to company laptops, and helped the North Koreans navigate vetting processes, including drug tests. During the course of this scheme, Travis, who was actively serving in the U.S. Army, earned over $50,000, while Phagnasay and Salazar received at least $3,500 and $4,500, respectively. The total payout to U.S. companies reached approximately $1.28 million in salaries, most of which was funneled to the North Korean IT workers abroad. Erick Ntekereze Prince, another U.S. national who ran a company called Taggcar, was also implicated. He allegedly provided purportedly "certified" IT workers, knowing they were not based in the U.S. and were using stolen identities. Prince hosted laptops equipped with remote access software in several Florida residences, earning more than $89,000 for his involvement. Additionally, Ukrainian national Oleksandr Didenko pleaded guilty to one count of wire fraud conspiracy and another count of aggravated identity theft. Prosecutors claim he stole the identities of U.S. citizens and sold them to North Koreans, enabling them to secure jobs at over 40 U.S. firms. Didenko reportedly earned hundreds of thousands of dollars for these services and agreed to forfeit $1.4 million as part of his plea deal. The DOJ also revealed it has frozen and seized more than $15 million in cryptocurrency that North Korean hackers stole from various crypto platforms in 2023. North Korean hackers have increasingly targeted cryptocurrency companies, exchanges, and blockchain projects, amassing over $650 million in crypto thefts in 2024 alone and exceeding $2 billion year-to-date.