Four Americans and one Ukrainian national have pleaded guilty to participating in an international scheme that helped North Koreans pose as remote IT workers inside U.S. companies, ultimately funneling millions of dollars to Pyongyang’s weapons program, according to the U.S. Justice Department.
Federal officials said the yearslong operation affected at least 136 U.S. companies and generated more than $2.2 million in revenue for North Korea. The case is part of a broader push by the U.S. and its allies to dismantle the extensive remote-IT worker fraud network, which has targeted businesses worldwide, including many Fortune 500 firms.
In Georgia, U.S. citizens Audricus Phagnasay, Jason Salazar, and Alexander Paul Travis pleaded guilty this week to one count of wire fraud conspiracy. Prosecutors say they allowed North Korean operatives to use their identities to secure jobs at American companies, helped them navigate employer vetting processes, and stored employer-issued laptops in their homes.
The Justice Department said the scheme ran from 2019 to 2022. Travis—an active-duty U.S. Army member—received more than $50,000, while Phagnasay and Salazar earned at least $3,450 and $4,500, respectively. U.S. employers paid roughly $1.28 million in salaries to these fake workers, most of which was transferred overseas.
Separately, U.S. national Erick Ntekereze Prince pleaded guilty in Florida to one count of wire fraud conspiracy. He is accused of using his company to place North Korean IT workers in U.S. jobs between 2020 and 2024 and storing corporate laptops at residences in Florida. Prince—indicted in January alongside two North Koreans and one Mexican national—allegedly earned $89,000 through the scheme.
In Washington, Ukrainian national Oleksandr Didenko pleaded guilty to wire fraud conspiracy and aggravated identity theft. He is accused of stealing the identities of American citizens and selling them to overseas operatives. Authorities say at least 40 U.S. companies unknowingly hired these fraudulent workers.
“These actions demonstrate the department’s comprehensive approach to disrupting North Korean efforts to finance their weapons program on the backs of Americans,” said Assistant Attorney General for National Security John Eisenberg.
Federal officials also filed a civil forfeiture action in Washington seeking to permanently seize roughly $15 million in virtual currency recovered from North Korean hacking group APT38 earlier this year.
U.S. law enforcement has been increasing efforts to dismantle the scheme. In June, investigators searched 29 laptop farms across 16 states, seizing hundreds of devices, accounts, and websites used to support the operation.
Authorities warn that the scam is expanding internationally. Partners in Japan and South Korea have recently collaborated with the U.S. to raise awareness about the tactics North Korean IT workers use to infiltrate companies worldwide.
