Five individuals have pleaded guilty to aiding North Koreans in defrauding U.S. companies by posing as remote IT workers, according to the U.S. Department of Justice (DOJ). The facilitators helped North Korean nationals secure jobs by providing their own identities or false and stolen identities of U.S. citizens, and hosted company-issued laptops in their homes to make it appear as though the North Koreans were based in the U.S.
The scheme, which affected 136 U.S. companies, generated $2.2 million in revenue for North Korea’s Kim Jong Un regime. The DOJ’s announcement is part of a broader effort by U.S. authorities to disrupt North Korea’s cybercrime activities, which have been used to fund the country’s internationally sanctioned nuclear weapons program.
North Korea’s Cybercrime Tactics
For years, North Korea has successfully infiltrated hundreds of Western companies by posing as remote IT workers, investors, and recruiters. The country’s cybercrime activities have become increasingly sophisticated, allowing it to evade detection and generate significant revenue. The U.S. government has responded by indicting individuals involved in the scheme and imposing sanctions on international fraud networks.
The five individuals who pleaded guilty were involved in various aspects of the scheme. Three U.S. nationals – Audricus Phagnasay, Jason Salazar, and Alexander Paul Travis – pleaded guilty to wire fraud conspiracy for helping North Koreans pose as legitimate IT workers. They provided their own identities, helped the North Koreans access company-issued laptops, and assisted them in passing vetting procedures.
Financial Gains and Losses
Travis, who was an active U.S. Army servicemember at the time, earned over $50,000 from the scheme, while Phagnasay and Salazar received at least $3,500 and $4,500, respectively. The scheme resulted in U.S. companies paying around $1.28 million in salaries, most of which was sent to the North Korean IT workers overseas. Erick Ntekereze Prince, another U.S. national, ran a company called Taggcar, which supplied “certified” IT workers to U.S. companies, but he knew that the workers were based outside the country and using stolen or fake identities.
Prince hosted laptops with remote access software at several residences in Florida and earned over $89,000 from the scheme. Meanwhile, Ukrainian national Oleksandr Didenko pleaded guilty to wire fraud conspiracy and aggravated identity theft for stealing U.S. citizens’ identities and selling them to North Koreans, allowing them to secure jobs at over 40 U.S. companies. Didenko earned hundreds of thousands of dollars from this service and agreed to forfeit $1.4 million as part of his guilty plea.
Cryptocurrency and Cybercrime
The DOJ also announced that it had frozen and seized over $15 million in cryptocurrency stolen by North Korean hackers in 2023 from several crypto platforms. Cryptocurrency companies, exchanges, and blockchain projects have become a favorite target for North Korean hackers, who have stolen over $650 million in crypto this year alone. The total amount stolen by North Korean hackers has exceeded $2 billion so far this year.
The U.S. government’s efforts to disrupt North Korea’s cybercrime activities are ongoing. The DOJ’s actions demonstrate its commitment to holding individuals accountable for their role in enabling North Korea’s illicit activities. As the situation continues to unfold, it remains to be seen what further measures the U.S. government will take to address the issue. The next steps in the investigation and potential future indictments will be closely watched.
