Five individuals have admitted guilt for assisting North Koreans in defrauding U.S. firms by impersonating remote IT personnel, as stated by the U.S. Department of Justice (DOJ) on Friday.

The five individuals are charged with acting as “facilitators,” enabling North Koreans to secure employment by using their genuine identities, or the false and stolen identities of over a dozen U.S. citizens. The facilitators also accommodated company-issued laptops in their residences throughout the U.S. to create the impression that the North Korean employees were residing locally, as per the DOJ’s news release.

These activities impacted 136 U.S. companies, yielding $2.2 million in revenue for Kim Jong Un’s regime, according to the DOJ.

This latest series of guilty pleas is part of an ongoing initiative by U.S. authorities aimed at undermining North Korea’s capacity to profit from cybercrime. For years, North Korea has effectively infiltrated numerous Western enterprises as remote IT personnel — as well as investors and recruiters — to finance its internationally condemned nuclear weapons program. In recent years, the U.S. government has retaliated by indicting those involved in the scheme and imposing sanctions on global fraud networks. 

“These prosecutions clearly indicate that the United States will not allow [North Korea] to fund its weapons initiatives by exploiting American businesses and workers,” stated U.S. Attorney Jason A. Reding Quiñones in a news release. “We will continue collaborating with our partners throughout the Justice Department to expose these frauds, recover embezzled funds, and pursue every individual who supports North Korea’s operations.”

Three of the individuals — U.S. citizens Audricus Phagnasay, Jason Salazar, and Alexander Paul Travis — each entered a guilty plea to a single charge of wire fraud conspiracy. 

Prosecutors claim that the three assisted North Koreans posing as legitimate IT personnel, whom they recognized as working outside of the U.S., to utilize their identities to gain employment, helped them remotely access company-issued laptops located in their homes, and assisted the North Koreans in passing vetting processes, such as drug screenings. 

Travis, identified by prosecutors as an active member of the U.S. Army at the time of the scheme, received over $50,000 for his activities, while Phagnasay and Salazar earned at least $3,500 and $4,500, respectively. The scheme resulted in U.S. companies disbursing approximately $1.28 million in salaries, most of which was sent to the North Korean IT workers abroad, according to the DOJ.

The fourth U.S. citizen who admitted guilt is Erick Ntekereze Prince, who operated a firm named Taggcar, which falsely provided U.S. companies with “certified” IT workers whom he knew were operating outside the country and utilizing stolen or fake identities. Prince also maintained laptops with remote access software at various locations in Florida, earning over $89,000 for his services, as stated by the DOJ. 

Another participant in the scheme who pleaded guilty to one count of wire fraud conspiracy and an additional count of aggravated identity theft is Ukrainian national Oleksandr Didenko, whom prosecutors accuse of appropriating U.S. citizens’ identities and selling them to North Koreans to facilitate employment at over 40 U.S. companies. 

According to the press release, Didenko earned several hundred thousand dollars for this service. Didenko consented to forfeit $1.4 million as part of his plea agreement.

The DOJ also revealed that it has frozen and seized more than $15 million in cryptocurrency that was stolen in 2023 by North Korean hackers from multiple crypto platforms. 

Crypto firms, exchanges, and blockchain enterprises have become prime targets for North Korean hackers, who pilfered over $650 million in crypto in 2024 and more than $2 billion up to this year.