The U.S. Division of Justice (DoJ) on Friday introduced that 5 people have pleaded responsible to helping North Korea’s illicit income technology schemes by enabling data expertise (IT) employee fraud in violation of worldwide sanctions.
The 5 people are listed under –
Audricus Phagnasay, 24
Jason Salazar, 30
Alexander Paul Travis, 34
Oleksandr Didenko, 28, and
Erick Ntekereze Prince, 30
Phagnasay, Salazar, and Travis pleaded responsible to at least one rely of wire fraud conspiracy for knowingly permitting IT employees positioned outdoors of the U.S. to make use of their U.S. identities between about September 2019 and November 2022 and safe jobs at American corporations.
The three defendants additionally served as facilitators, internet hosting the company-issued laptops at their residences and putting in distant desktop software program on these machines with out authorization in order that the IT employees may connect with them and provides the impression that they had been working remotely inside the U.S.
Moreover, the trio is alleged to have aided the abroad IT employees in passing employer vetting procedures, with Salazar and Travis taking it to the subsequent stage by showing for drug testing on behalf of them. Travis, then an active-duty member of the U.S. Military, obtained a minimum of $51,397 for his position within the fraudulent scheme. Phagnasay and Salazar are mentioned to have earned a minimum of $3,450 and $4,500, respectively.
Didenko, whose arrest was disclosed by the DoJ again in Could 2025, has pleaded responsible to wire fraud conspiracy and aggravated identification theft for stealing the identities of U.S. residents and promoting them to IT employees in order that they may land jobs at 40 U.S. firms. Didenko has additionally agreed to forfeit greater than $1.4 million.
“Didenko ran an internet site utilizing a U.S.-based area, ‘Upworksell.com,’ designed to assist abroad IT employees purchase or lease stolen or borrowed identities,” the DoJ mentioned. “Starting in 2021, the IT employees used the identities to get employed on on-line freelance work platforms primarily based in California and Pennsylvania.”
The Ukrainian nationwide additionally paid people within the U.S. to obtain and host laptops, turning their properties into laptop computer farms for the IT employees. One such laptop computer farm was operated by Christina Marie Chapman in Arizona. Didenko’s website has since been seized. Chapman was sentenced to eight.5 years in jail in July 2025.
Didenko is estimated to have managed as many as 871 proxy identities and facilitated the operation of a minimum of three U.S.-based laptop computer farms. He additionally enabled his abroad shoppers to entry Cash Service Transmitters somewhat than having to bodily open an account at a U.S. financial institution to switch the employment earnings to overseas financial institution accounts.
Rounding off the checklist is Prince, who has pleaded responsible to at least one rely of wire fraud conspiracy for allegedly working an organization known as Taggcar Inc. from roughly June 2020 by way of August 2024 to provide “licensed” IT employees to U.S. firms and for working a laptop computer at his dwelling in Florida. Prince earned greater than $89,000 for his involvement within the IT employee fraud.
It is price noting that Prince, together with Pedro Ernesto Alonso De Los Reyes, Emanuel Ashtor, and Jin Sung-Il (진성일), Pak Jin-Track (박진성), had been indicted earlier this January for allegedly permitting North Korean IT employees to acquire work at greater than 64 U.S. firms.
The scheme netted greater than $943,069 in wage funds, most of which had been funneled again to the IT employees abroad. Ashtor is at the moment awaiting trial, and De Los Reyes is pending extradition from the Netherlands.
“In whole, these defendants’ fraudulent employment schemes impacted greater than 136 U.S. sufferer firms, generated greater than $2.2 million in income for the [Democratic People’s Republic of Korea] regime, and compromised the identities of greater than 18 U.S. individuals,” the DoJ mentioned.
In a set of associated actions, the DoJ mentioned it has additionally filed two civil complaints to forfeit cryptocurrency valued at greater than $15 million that the U.S. Federal Bureau of Investigation (FBI) seized in March 2025 from APT38 (aka BlueNoroff) actors. The digital belongings, the complaints allege, had been illegally obtained by way of hacks at abroad digital forex platforms –
Theft of roughly $37 million from an Estonia-based digital forex funds processor in July 2023
Theft of roughly $100 million from a Panama-based digital forex cost processor in July 2023
Theft of roughly $138 million from a Panama-based digital forex trade in November 2023, and
Theft of roughly $107 million in digital forex from a Seychelles-based digital forex trade in November 2023
“Efforts to hint, seize, and forfeit associated stolen digital forex stay ongoing, because the APT38 actors proceed to launder such funds by way of numerous digital forex bridges, mixers, exchanges, and over-the-counter merchants,” the division added.
The brand new spherical of responsible pleas is the newest effort on the a part of the U.S. authorities to fight and disrupt North Korea’s IT employee and hacking schemes, which have been used to fund the regime’s priorities. For a number of years, North Korea has efficiently infiltrated a whole lot of Western firms and elsewhere, posing as distant IT employees to attract regular salaries and use them to fund its nuclear weapons program.
A few weeks in the past, the U.S. Treasury Division levied sanctions towards eight people and two entities inside North Korea’s international monetary community for laundering cash for numerous illicit schemes, together with cybercrime and knowledge expertise (IT) employee fraud.
