Five people have pleaded guilty to orchestrating an elaborate scheme that helped North Korean IT workers infiltrate 136 US companies as remote employees, netting Kim Jong Un's regime $2.2 million in wages. The Department of Justice announced the guilty pleas Friday as part of its ongoing crackdown on North Korea's cybercrime operations that fund the country's nuclear weapons program.
The Department of Justice just pulled back the curtain on one of North Korea's most sophisticated infiltration operations yet. Five people - including four US nationals - have pleaded guilty to running a sprawling scheme that helped North Korean IT workers pose as legitimate remote employees at 136 American companies.
The operation wasn't just sophisticated - it was profitable. Kim Jong Un's regime pocketed $2.2 million from the scheme, while US companies unknowingly paid out $1.28 million in salaries to workers they thought were based domestically.
Here's how the scam worked: The facilitators provided real or stolen identities from US nationals, hosted company-issued laptops in homes across America to create the illusion of local workers, and even helped the North Korean operatives pass drug tests and background screenings. "These prosecutions make one point clear: the United States will not permit [North Korea] to bankroll its weapons programs by preying on American companies and workers," US Attorney Jason A. Reding Quiñones said in the DOJ press release.
The guilty pleas reveal the extent of the operation. Three US nationals - Audricus Phagnasay, Jason Salazar, and Alexander Paul Travis - each pleaded guilty to wire fraud conspiracy. Travis, who was an active US Army servicemember during the scheme, earned over $50,000 for his role. Phagnasay and Salazar received at least $3,500 and $4,500 respectively.
But the most elaborate setup belonged to Erick Ntekereze Prince, a fourth US national who ran a company called Taggcar. Prince's operation supplied allegedly "certified" IT workers to US companies while knowing they worked outside the country using stolen identities. He hosted laptops with remote access software across multiple Florida residences and earned more than $89,000 for his services.
The international element came through Ukrainian national Oleksandr Didenko, who specialized in stealing US citizens' identities and selling them to North Korean operatives. Didenko's identity theft operation helped North Koreans secure jobs at over 40 US companies, earning him hundreds of thousands of dollars. As part of his guilty plea, he agreed to forfeit $1.4 million.
This case represents the latest escalation in a years-long battle between US authorities and North Korea's cyber operations. The regime has successfully as remote workers, investors, and recruiters to fund its internationally sanctioned nuclear weapons program. The US government has responded with and .
