US dismantles North Korean IT worker fraud network infiltrating 136 American companies

17.11.2025 2 minutes Author: Newsman

The US Department of Justice (DOJ) announced that five individuals have pleaded guilty to assisting North Korean IT specialists who posed as American workers to infiltrate US companies, commit fraud, and funnel money to the DPRK regime.

  • According to court filings, four US nationals and one Ukrainian helped North Korean actors obtain remote employment with American companies by using stolen or falsified identities of US citizens. They hosted company-issued laptops in their homes and installed remote access software to make it appear as if the workers were based inside the United States.

  • Between September 2019 and November 2022, the operation targeted more than 136 companies, generating over $2.2 million for the North Korean regime and compromising at least 18 American identities.

  • Those charged include Audricus Phagnasay (24), Jason Salazar (30), and Alexander Paul Travis (34) — each pleaded guilty to wire fraud conspiracy. The DOJ noted that Travis, an active-duty US Army member, and Salazar even took drug tests on behalf of the North Korean workers to help them pass employment screening.

The defendants earned thousands from the scheme — Travis received $51,000, while Phagnasay and Salazar made $3,450 and $4,500 respectively.

Another participant, US national Erick Ntekereze Prince (30), used his company Taggcar Inc. to hire and contract “certified” IT specialists who he knew were operating abroad with stolen credentials. He was paid over $89,000.

Ukrainian national Oleksandr Didenko pleaded guilty to wire fraud conspiracy and aggravated identity theft. He ran an identity-selling operation enabling North Korean IT workers to secure employment at 40 US companies. He agreed to forfeit $1.4 million in cash and cryptocurrency.

US Attorney Jeanine Ferris Pirro for the District of Columbia stated that North Korea is “focused on stealing and selling American identities to fund its weapons programs.” Experts say that roughly one-third of North Korea’s foreign currency earnings in 2024 came from crypto hacks and cyber-enabled fraud.

In October 2025, the US, Australia, Canada, France, Germany, Italy, Japan, the Netherlands, New Zealand, South Korea, and the UK jointly called on the UN to hold the DPRK accountable for its ongoing cyber operations violating international sanctions.

The case underscores how North Korea weaponizes cyberspace to sustain its sanctioned economy. By exploiting global remote-work systems, the regime has found new ways to infiltrate corporate networks and fund weapons programs under the guise of legitimate IT employment. For global businesses, this case is a stark reminder: cybersecurity now extends beyond servers — it starts with verifying who’s really behind the screen.
