The US Department of Justice (DOJ) announced on Friday that five individuals have pleaded guilty to aiding North Korea’s illicit revenue generation schemes by enabling information technology (IT) worker fraud in violation of international sanctions.
The list of five persons is given below –
- Audricus Fagansse, 24
- Jason Salazar, 30
- Alexander Paul Travis, 34
- Oleksandr Didenko, 28, and
- Eric Entequerez Prince, 30
Fagansay, Salazar and Travis pleaded guilty to one count of wire fraud conspiracy to knowingly allow IT employees based outside the US to use their US identities and secure jobs at US firms between September 2019 and November 2022.
The three defendants also acted as facilitators, hosting company-issued laptops at their residences and installing remote desktop software on those machines without authorization so that IT staff could connect to them and give the impression that they were working remotely within the US.
Additionally, all three are said to have assisted foreign IT workers in passing employer screening processes, with Salazar and Travis taking it to the next level by appearing for drug testing on their behalf. Travis, who was an active-duty member of the U.S. Army at the time, received at least $51,397 for his role in the fraud scheme. Fagansay and Salazar are said to have earned at least $3,450 and $4,500, respectively.
Didenko, whose arrest was disclosed by the DOJ in May 2025, pleaded guilty to wire fraud conspiracy and aggravated identity theft for stealing the identities of US citizens and selling them to IT workers so they could obtain jobs at 40 US companies. Didenko also agreed to forfeit more than $1.4 million.
“Didenko ran a website using the US-based domain ‘Upworksell.com’ that was designed to help foreign IT workers buy or hire stolen or borrowed identities,” the DoJ said. “In early 2021, IT workers used identities to get hired on online freelance work platforms based in California and Pennsylvania.”
The Ukrainian citizen also paid individuals in the US to acquire and host laptops, turning their homes into laptop farms for IT workers. One such laptop farm was operated by Christina Marie Chapman in Arizona. Didenko’s site has since been seized. Chapman was sentenced to 8.5 years in prison in July 2025.
Didenko is estimated to have managed 871 proxy identities and facilitated the operation of at least three US-based laptop farms. They enabled their foreign clients to access money service transmitters to transfer employment income to foreign bank accounts instead of physically opening an account at a US bank.
Leading the list is Prince, who has pleaded guilty to one count of wire fraud conspiracy for operating a company called TagCar Inc. from approximately June 2020 to August 2024 to supply “certified” IT employees to US companies and run a laptop at his home in Florida. Prince made more than $89,000 as a result of his involvement in the IT employee fraud.
It is worth noting that the prince, along with Pedro Ernesto Alonso de los Reyes, Emmanuel Ashtor and Jin Sung-il (진성일), Pak Jin-seong (박진성), were indicted earlier this January for allegedly allowing North Korean IT employees to obtain work at more than 64 US companies.
The scheme netted more than $943,069 in salary payments, most of which was repatriated to IT employees overseas. Ashtor is currently awaiting trial, and De los Reyes is pending extradition from the Netherlands.
“In total, these defendants’ fraudulent employment schemes affected more than 136 U.S. victim companies, generating more than $2.2 million in revenue. [Democratic People’s Republic of Korea] regime, and compromised the identities of more than 18 U.S. persons,” the DOJ said.
In a set of related actions, the DoJ said it has also filed two civil complaints to seize more than $15 million worth of cryptocurrencies that the US Federal Bureau of Investigation (FBI) seized from APT38 (aka Bluenoroff) actors in March 2025. The complaints allege that digital assets were obtained illegally through hacks on foreign virtual currency platforms –
- Nearly $37 Million Stolen from an Estonia-Based Virtual Currency Payment Processor in July 2023
- Nearly $100 million stolen from Panama-based virtual currency payment processor in July 2023
- The theft of approximately $138 million from a Panama-based virtual currency exchange in November 2023, and
- Nearly $107 million in virtual currency stolen from Seychelles-based virtual currency exchange in November 2023
“Efforts to locate, seize, and confiscate stolen virtual currency are ongoing, as APT38 actors continue to launder such funds through various virtual currency bridges, mixers, exchanges, and over-the-counter merchants,” the department said.
The new round of guilty pleas is the latest effort by the U.S. government to combat and disrupt North Korea’s IT activist and hacking schemes, which have been used to fund the regime’s priorities. For several years, North Korea has successfully infiltrated hundreds of Western companies and elsewhere by posing as remote IT workers in order to receive steady salaries and finance its nuclear weapons program.
A few weeks ago, the US Treasury Department imposed sanctions against eight individuals and two entities within North Korea’s global financial network for money laundering for various illicit schemes, including cybercrime and information technology (IT) worker fraud.
