Key Findings:

• Five individuals have pleaded guilty to assisting North Korea's illicit revenue generation schemes by enabling information technology (IT) worker fraud in violation of international sanctions.

• The five defendants are Audricus Phagnasay, Jason Salazar, Alexander Paul Travis, Oleksandr Didenko, and Erick Ntekereze Prince.

• The defendants facilitated the use of stolen U.S. identities by North Korean IT workers to secure jobs at American firms, hosted company-issued laptops at their residences, and aided the overseas workers in passing employer vetting procedures.

• In total, the fraudulent employment schemes impacted more than 136 U.S. victim companies, generated more than $2.2 million in revenue for the North Korean regime, and compromised the identities of more than 18 U.S. persons.

Background

The U.S. Department of Justice (DoJ) announced that five individuals have pleaded guilty to assisting North Korea's illicit revenue generation schemes by enabling information technology (IT) worker fraud in violation of international sanctions. The five defendants are Audricus Phagnasay, Jason Salazar, Alexander Paul Travis, Oleksandr Didenko, and Erick Ntekereze Prince.

Phagnasay, Salazar, and Travis

Phagnasay, Salazar, and Travis pleaded guilty to one count of wire fraud conspiracy for knowingly allowing IT workers located outside of the U.S. to use their U.S. identities between about September 2019 and November 2022 and secure jobs at American firms. The three defendants also served as facilitators, hosting the company-issued laptops at their residences and installing remote desktop software on those machines without authorization so that the IT workers could connect to them and give the impression that they were working remotely within the U.S. Furthermore, the trio is said to have aided the overseas IT workers in passing employer vetting procedures, with Salazar and Travis taking it to the next level by appearing for drug testing on behalf of them.

Oleksandr Didenko

Didenko has pleaded guilty to wire fraud conspiracy and aggravated identity theft for stealing the identities of U.S. citizens and selling them to IT workers so that they could land jobs at 40 U.S. companies. Didenko has also agreed to forfeit more than $1.4 million.

Erick Ntekereze Prince

Prince has pleaded guilty to one count of wire fraud conspiracy for allegedly operating a company called Taggcar Inc. from approximately June 2020 through August 2024 to supply "certified" IT workers to U.S. companies and for running a laptop at his home in Florida. Prince earned more than $89,000 for his involvement in the IT worker fraud.

Broader Scope

In a set of related actions, the DoJ said it has also filed two civil complaints to forfeit cryptocurrency valued at more than $15 million that the U.S. Federal Bureau of Investigation (FBI) seized in March 2025 from APT38 (aka BlueNoroff) actors. The digital assets, the complaints allege, were illegally obtained through hacks at overseas virtual currency platforms.

Sources

• https://thehackernews.com/2025/11/five-us-citizens-plead-guilty-to.html

• https://www.yahoo.com/news/articles/4-americans-plead-guilty-helping-223815399.html

• https://x.com/TweetThreatNews/status/1989573072685236444

• https://techcrunch.com/2025/11/14/five-people-plead-guilty-to-helping-north-koreans-infiltrate-us-companies-as-remote-it-workers/

• https://ground.news/article/five-people-plead-guilty-to-helping-north-koreans-infiltrate-us-companies-as-remote-it-workers