U.S. DOJ: Five Individuals Plead Guilty for Enabling North Korean IT Worker Fraud Schemes

The U.S. Department of Justice (DoJ) has announced guilty pleas from five individuals involved in schemes that helped North Korea bypass international sanctions by fraudulently placing overseas IT workers into U.S. companies. These efforts generated millions of dollars in illicit revenue for the North Korean regime.

Who Was Charged?

The following individuals pleaded guilty for their roles in the coordinated fraud operations:

• Audricus Phagnasay, 24

• Jason Salazar, 30

• Alexander Paul Travis, 34

• Oleksandr Didenko, 28

• Erick Ntekereze Prince, 30

Their charges involve wire fraud conspiracy, aggravated identity theft, and facilitating North Korea’s sanctioned IT operations.

How the Scheme Worked

Providing U.S. Identities to North Korean IT Workers

Phagnasay, Salazar, and Travis admitted to allowing foreign IT workers to use their personal identities to obtain remote jobs at U.S. companies from 2019 to 2022. To further strengthen the ruse:

• They hosted company-issued laptops in their homes.

• Installed unauthorized remote-access tools, enabling overseas workers to appear as though they were working from U.S. soil.

• Assisted with background checks—including drug tests, which Salazar and Travis took on behalf of the fraudulent workers.

Travis, an active-duty U.S. Army member during the scheme, earned more than $51,000 from the illicit work. Phagnasay and Salazar earned several thousand dollars each.

Identity Theft and Laptop Farms

The Didenko Operation

Ukrainian national Oleksandr Didenko operated “Upworksell.com,” a now-seized service that sold stolen or borrowed U.S. identities to help illicit workers secure positions at roughly 40 companies. His services also included:

• Managing over 871 proxy identities

• Setting up laptop farms in U.S. residences

• Facilitating access to payment platforms to help transfer earnings overseas

One laptop farm operator, Christina Marie Chapman, was sentenced to 8.5 years in prison in 2025.

Didenko has agreed to forfeit more than $1.4 million in proceeds.

Additional Facilitators and Financial Impact

Erick Prince

Prince operated a company called Taggcar Inc. and ran a hosted laptop that enabled fraudulent work from June 2020 through August 2024. He earned more than $89,000 from the scheme.

Prince and several others had previously been indicted for helping North Korean IT workers secure jobs at more than 64 U.S. companies, generating $943,069 in salaries—almost all of which was funneled back overseas.

National Security and Financial Consequences

According to the DoJ:

• These schemes affected over 136 victim companies

• Generated more than $2.2 million for North Korea

• Compromised the personal identities of 18 U.S. citizens

This activity directly supports the Democratic People’s Republic of Korea (DPRK) regime and its weapons programs.

Related DOJ Action: Seizure of $15M in Cryptocurrency

In parallel, the DoJ filed civil forfeiture complaints for more than $15 million in cryptocurrency linked to APT38 (BlueNoroff)—a North Korean state-sponsored hacking group. The funds were tied to four major crypto thefts between 2023 and 2024, totaling nearly $400 million in stolen assets.

Investigators note that APT38 continues laundering these funds through mixers, cross-chain bridges, and OTC traders.

A Continued U.S. Crackdown

These actions represent the latest phase in a broader U.S. effort to disrupt North Korea’s cybercrime ecosystem. For years, the country has embedded operatives posing as remote IT workers inside Western organizations, generating steady income streams to fund state priorities, including nuclear development.

Earlier this month, the U.S. Treasury sanctioned eight individuals and two entities tied to North Korea’s global financial and cybercrime networks.