The U.S. Department of Justice (DoJ) announced on Friday that five people have admitted guilt in connection with aiding North Korea’s illicit revenue schemes by facilitating IT worker fraud, violating international sanctions.
Defendants Involved
The individuals are:
- Audricus Phagnasay, 24
- Jason Salazar, 30
- Alexander Paul Travis, 34
- Oleksandr Didenko, 28
- Erick Ntekereze Prince, 30
Phagnasay, Salazar, and Travis admitted to one count of wire fraud conspiracy. They knowingly allowed IT workers outside the U.S. to use their American identities between September 2019 and November 2022 to secure jobs in U.S. companies.
The trio also hosted company-issued laptops at their homes, installed remote desktop software without authorization, and assisted overseas IT workers in passing employment vetting procedures. Salazar and Travis even completed drug tests on behalf of the foreign IT workers. Travis, then an active U.S. Army member, earned at least $51,397, while Phagnasay and Salazar earned approximately $3,450 and $4,500, respectively.
Didenko’s Role
Oleksandr Didenko, arrested in May 2025, pled guilty to wire fraud conspiracy and aggravated identity theft. He stole U.S. citizens’ identities and sold them to IT workers, enabling employment at 40 U.S. companies. He operated the website Upworksell.com to help overseas workers buy or rent stolen identities, which were used on online freelance platforms based in California and Pennsylvania starting in 2021.
Didenko also created U.S.-based laptop farms, including one run by Christina Marie Chapman in Arizona. Chapman received an 8.5-year prison sentence in July 2025. Didenko managed up to 871 proxy identities and helped overseas clients transfer employment income via Money Service Transmitters, bypassing the need to open U.S. bank accounts. He has agreed to forfeit over $1.4 million.
Prince and Associated Indictments
Erick Ntekereze Prince pled guilty to wire fraud conspiracy for operating Taggcar Inc. from June 2020 to August 2024, providing certified IT workers to U.S. companies, and hosting a laptop farm in Florida. Prince earned over $89,000 from the scheme.
Prince, along with Pedro Ernesto Alonso De Los Reyes, Emanuel Ashtor, Jin Sung-Il (진성일), and Pak Jin-Song (박진성), were previously indicted for helping North Korean IT workers secure jobs at more than 64 U.S. firms. The scheme generated over $943,069 in salaries, largely sent overseas, affecting more than 136 companies and compromising over 18 U.S. identities while raising $2.2 million for the North Korean regime.
Related Cryptocurrency Seizures
The DoJ also filed civil complaints to seize cryptocurrency worth over $15 million, confiscated by the FBI in March 2025 from APT38 (aka BlueNoroff) actors. These digital assets were illegally obtained through hacks on overseas virtual currency platforms, including:
- $37 million stolen from an Estonia-based processor in July 2023
- $100 million from a Panama-based processor in July 2023
- $138 million from a Panama-based exchange in November 2023
- $107 million from a Seychelles-based exchange in November 2023
Efforts to trace, seize, and recover stolen cryptocurrency are ongoing as APT38 actors continue laundering funds through various platforms.
The recent guilty pleas highlight U.S. efforts to disrupt North Korea’s IT worker and hacking operations, which have been used to fund the regime’s nuclear program. The Treasury Department recently imposed sanctions on eight individuals and two North Korean entities for laundering money through cybercrime and IT worker fraud.
