U.S. Justice Department Takes Action Against North Korean Fraud Network
On Friday, the U.S. Department of Justice (DoJ) announced significant developments in the ongoing fight against North Korean cybercrime. Five individuals have entered guilty pleas for their roles in helping North Korea generate illicit revenue by enabling fraud schemes involving information technology (IT) workers. These activities are in direct violation of international sanctions and have been a part of North Korea’s broader strategy to fund its operations.
Who Are the Guilty Parties?
The five individuals implicated in this case are:
- Audricus Phagnasay, 24
- Jason Salazar, 30
- Alexander Paul Travis, 34
- Oleksandr Didenko, 28
- Erick Ntekereze Prince, 30
Each of these defendants contributed to a scheme that exploited U.S. employment systems for personal gain and, ultimately, for the North Korean regime.
The Scheme Unveiled
Phagnasay, Salazar, and Travis have admitted to conspiring in wire fraud by permitting IT workers located outside the U.S. to assume their American identities between approximately September 2019 and November 2022. This arrangement enabled these workers to secure jobs with American firms while creating a façade of legitimacy.
These three individuals also facilitated the IT workers’ employment by hosting company laptops in their homes. Importantly, they installed unauthorized remote desktop software, allowing foreign IT workers to connect to these laptops and make it appear as though they were working from within the United States. Additionally, Salazar and Travis took extraordinary measures by standing in for drug tests on behalf of these workers. Notably, Travis, who was serving in the U.S. Army at the time, reportedly gained over $51,000 for his involvement in this fraudulent enterprise, while Phagnasay and Salazar garnered $3,450 and $4,500, respectively.
Identity Theft and Online Fraud
Oleksandr Didenko is facing grave charges, including wire fraud conspiracy and aggravated identity theft. He admitted to stealing the identities of U.S. citizens and selling these identities to foreign IT workers to help them secure jobs at various U.S. firms. Didenko managed a website named Upworksell.com, specifically crafted to assist overseas IT workers in acquiring stolen identities. Since 2021, these identities were used to obtain positions on online freelance platforms based in locations such as California and Pennsylvania.
Didenko’s fraudulent operations extended to establishing laptop farms in the U.S. where individuals rented their homes to host equipment for the overseas workers. A significant case involves Christina Marie Chapman from Arizona, who was sentenced to 8.5 years in prison for her role. Didenko is estimated to have orchestrated operations involving up to 871 stolen identities while also enabling clients to access U.S. banking services without needing a physical presence.
Additional Involvement and Financial Gains
Erick Ntekereze Prince has also cheered a guilty plea, admitting to running Taggcar Inc., which purportedly supplied “certified” IT workers to U.S. companies. Prince operated from June 2020 until August 2024, utilizing a laptop from his Florida home to facilitate these operations, earning over $89,000 in the process.
Earlier indictments involving Prince and others revealed a more extensive network that allowed North Korean IT workers to obtain employment across 64 U.S. companies, aiding the regime by generating approximately $943,000 in salary payments, much of which was redirected to overseas accounts.
The Bigger Picture
According to the Justice Department, these fraudulent operations impacted over 136 U.S. companies, generating at least $2.2 million in revenue for the North Korean government and compromising the identities of more than 18 U.S. citizens. This pattern of fraud is a part of a larger effort by North Korea to fund its nuclear weapons programs through illicit means.
Civil Actions and Continuing Investigations
In related actions, the DoJ has initiated two civil complaints to forfeit more than $15 million in cryptocurrency seized from APT38 operations. These digital assets were reportedly acquired through various hacks on international virtual currency platforms. The ongoing investigations are examining multiple high-stakes thefts that have affected financial systems worldwide.
The U.S. government remains focused on dismantling North Korea’s extensive network of cybercrime and illicit IT worker operations. Recent sanctions imposed by the U.S. Treasury Department against multiple individuals and entities underline the seriousness of these fraudulent schemes and their broader implications for international security and financial integrity.
