The U.S. Justice Department announced five guilty pleas from individuals who aided North Korean remote IT workers in infiltrating U.S. companies. These schemes generated over $2.2 million for North Korea's regime and compromised U.S. identities. Additionally, officials seized $15 million in cryptocurrency linked to North Korean hackers.
Federal prosecutors have made significant progress in combating North Korea's schemes to place remote IT workers in U.S. businesses and launder stolen cryptocurrency. On Monday, Oleksandr Didenko, a 28-year-old Ukrainian national, pleaded guilty in the U.S. District Court for the District of Columbia to wire fraud conspiracy and aggravated identity theft. Didenko operated upworksell.com to sell stolen U.S. identities, enabling North Korean IT workers to secure jobs at 40 U.S. companies. He managed up to 871 identities through laptop farms in Virginia, Tennessee, and California, paying U.S. co-conspirators to host them.
In late 2023, Didenko sent a computer to a laptop farm run by Christina Chapman in Arizona, who was arrested in May 2024 and sentenced to 102 months in prison. Following her arrest, Didenko's site was seized. He was arrested by Polish police in late 2024 and extradited to the United States, agreeing to forfeit more than $1.4 million. His sentencing is set for February 19, 2026.
On Thursday, three U.S. nationals—Audricus Phagnasay, 24; Jason Salazar, 30; and Alexander Paul Travis, 34—pleaded guilty in the U.S. District Court for the Southern District of Georgia to wire fraud conspiracy. They hosted company laptops at their homes, installed remote-access software, and helped North Korean workers pass vetting processes, including Travis and Salazar taking drug tests on their behalf. From September 2019 to November 2022, their efforts facilitated $1.28 million in salaries from U.S. companies, with Travis receiving about $51,000, Phagnasay $3,500, and Salazar $4,500.
Last week, Erick Ntekereze Prince, 30, pleaded guilty in the U.S. District Court for the Southern District of Florida to wire fraud conspiracy. Through his company Taggcar, Prince supplied IT workers from June 2020 to August 2024, earning over $89,000 by hosting laptops in Florida residences. Indicted in January 2025 with co-conspirators, the group placed workers at 64 U.S. companies, securing nearly $950,000 in salaries.
Collectively, these five individuals impacted over 136 U.S. companies, generated more than $2.2 million for North Korea, and compromised at least 18 U.S. identities. "These actions demonstrate the department’s comprehensive approach to disrupting North Korean efforts to finance their weapons program on the backs of Americans," said John A. Eisenberg, assistant attorney general for national security. "The department will use every available tool to protect our nation from this regime’s depredations."
In a related action, the Justice Department seized more than $15 million in cryptocurrency from APT38, a North Korean-linked hacking group, traced to four virtual currency heists in 2023.