Five individuals have pleaded guilty to facilitating a scheme that allowed North Korean workers to fraudulently obtain remote IT jobs at U.S. companies, funneling millions of dollars to Kim Jong Un’s regime. The U.S. Department of Justice (DOJ) announced the guilty pleas Friday, revealing a years-long operation designed to circumvent international sanctions and fund North Korea’s nuclear weapons program.
The Scheme: Remote Workers, Real Money
The scheme involved U.S. and international facilitators providing North Koreans with legitimate or stolen U.S. identities, enabling them to pose as remote IT workers. These workers were then hired by 136 American companies, earning approximately $1.28 million in salaries. Most of this money was sent directly to North Korea.
The facilitators also hosted company-provided laptops in their homes across the U.S. to create the illusion that the North Korean workers were physically present. This allowed the scheme to bypass vetting procedures, including drug tests and background checks. The entire operation generated $2.2 million in revenue for the North Korean regime.
Key Participants and Their Roles
Three U.S. nationals – Audricus Phagnasay, Jason Salazar, and Alexander Paul Travis – pleaded guilty to wire fraud conspiracy. Travis, an active-duty U.S. Army servicemember at the time, earned over $50,000 for his involvement, while Phagnasay and Salazar received $3,500 and $4,500, respectively.
Erick Ntekereze Prince, who operated a company called Taggcar, supplied U.S. companies with allegedly “certified” IT workers, knowing they were based overseas and using stolen or fake identities. Prince hosted laptops with remote access software in Florida and earned over $89,000.
Ukrainian national Oleksandr Didenko stole U.S. citizens’ identities and sold them to North Koreans, enabling them to secure jobs at over 40 U.S. companies. Didenko earned hundreds of thousands of dollars and has agreed to forfeit $1.4 million.
Broader Implications and U.S. Response
This case highlights North Korea’s sophisticated use of cybercrime to fund its weapons programs. For years, the regime has successfully infiltrated Western companies, exploiting remote work arrangements to launder money. The U.S. government has responded with indictments, sanctions, and increased scrutiny of remote IT hiring practices.
The DOJ has also seized over $15 million in cryptocurrency stolen by North Korean hackers in 2023, demonstrating a commitment to disrupting these operations.
“These prosecutions make one point clear: the United States will not permit [North Korea] to bankroll its weapons programs by preying on American companies and workers,” U.S. Attorney Jason A. Reding Quiñones said in a statement. “We will keep working with our partners across the Justice Department to uncover these schemes, recover stolen funds, and pursue every individual who enables North Korea’s operations.”
The case underscores the growing threat of state-sponsored cybercrime and the challenges of enforcing sanctions in the digital age. As remote work becomes increasingly prevalent, companies must remain vigilant against fraud and ensure robust vetting procedures to prevent exploitation by hostile actors
