Five Admit to Aiding North Korean IT Infiltration of 136 U.S. Companies
The U.S. Department of Justice (DoJ) has reported that five individuals have pleaded guilty to facilitating North Korea’s illegal revenue-generating activities through a fraudulent IT worker scheme. This operation involved violations of international sanctions aimed at preventing such illicit actions.
Key Individuals Involved
- Audricus Phagnasay>, 24
- Jason Salazar>, 30
- Alexander Paul Travis>, 34
- Oleksandr Didenko>, 28
- Erick Ntekereze Prince>, 30
Details of the Scheme
The five defendants engaged in various fraudulent activities to enable overseas IT workers to secure jobs with American companies between September 2019 and November 2022. Phagnasay, Salazar, and Travis were indicted for wire fraud conspiracy, allowing foreign IT workers to impersonate U.S. citizens in the hiring process.
They managed company-issued laptops from their homes. This setup included unauthorized installation of remote desktop software. Such measures allowed overseas workers to present an illusion of working from within the U.S. Salazar and Travis even participated in drug testing for these workers.
Financial Gains
In return for their illicit actions, Travis reportedly earned $51,397. Meanwhile, Phagnasay and Salazar earned $3,450 and $4,500, respectively.
Oleksandr Didenko’s Role
Didenko, whose involvement was revealed by the DoJ in May 2025, pleaded guilty to charges of wire fraud conspiracy and aggravated identity theft. He sold stolen identities to overseas IT workers, enabling them to secure positions at 40 different U.S. companies. Didenko is set to forfeit over $1.4 million in connection with his crimes.
- Didenko operated a website, Upworksell.com, aiding IT workers to acquire stolen identities.
- He was linked to operating laptop farms in U.S. homes to assist these workers.
Christina Marie Chapman’s Involvement
One of the laptop farms was run by Christina Marie Chapman in Arizona, who received an 8.5-year prison sentence in July 2025 for her part in this scheme.
Erick Ntekereze Prince’s Actions
Prince also pleaded guilty to wire fraud conspiracy. He ran a business named Taggcar Inc. between June 2020 and August 2024, claiming to provide “certified” IT workers. His actions led to earnings exceeding $89,000.
Impact on U.S. Companies
The fraudulent activities of these defendants affected over 136 U.S. companies and resulted in more than $2.2 million in revenue for the North Korean regime. Investigations reveal that the scheme funneled salaries back to IT workers based overseas.
Related Investigations
In light of these cases, the DoJ filed civil complaints to forfeit cryptocurrency worth over $15 million. These assets were seized from actors associated with North Korea’s hacking group, APT38 (known also as BlueNoroff).
Thefts Documented
| Date | Location | Amount Stolen |
|---|---|---|
| July 2023 | Estonia | $37 million |
| July 2023 | Panama | $100 million |
| November 2023 | Panama | $138 million |
| November 2023 | Seychelles | $107 million |
Ongoing efforts continue to trace and retrieve stolen virtual currency associated with these activities. The U.S. government seeks to combat North Korea’s infiltration of Western companies through IT worker fraud schemes, which have been used to fund the nation’s nuclear ambitions.
