Five men admit helping North Korean IT workers infiltrate US companies

US federal prosecutors have secured guilty pleas from five men who helped North Korean IT workers get hired by companies in the United States.

This group of domestic facilitators helped a sanctioned government move money, slip past hiring checks, and place foreign workers inside more than one hundred American firms, the US Department of Justice (DoJ) says.

The uncovered schemes

In Georgia, three US nationals admitted that they let overseas workers pose as them to land remote jobs: Audricus Phagnasay, Jason Salazar, and Alexander Paul Travis supplied their own identities for job applications, kept company issued laptops in their homes, and installed remote access tools so the real workers could connect from abroad.

Travis and Salazar even took drug tests on behalf of the overseas IT workers.

“Travis, an active-duty member of the U.S. Army at the time, received at least $51,397 for his participation in the scheme. Phagnasay and Salazar earned at least $3,450 and $4,500, respectively. The fraudulent scheme earned approximately $1.28 million in salary payments from the victim U.S. companies, the vast majority of which were sent to the IT workers overseas,” the US DoJ stated.

In Florida, prosecutors secured a plea from Erick Ntekereze Prince. Through his company Taggcar Inc., he supplied what he claimed were certified IT workers to US companies. He knew the workers were overseas and using fake identities and, like the above mentioned threesome, he kept company laptops at his home and set up remote access so the workers could appear to be in Florida.

The scheme earned nearly $1 million in salary payments, and Prince got over $89,000 for his part in the scheme.

“Prince, US national Emanuel Ashtor, and a Mexican national Pedro Ernesto Alonso de los Reyes were charged in January 2025 by indictment alleging their participation in a criminal scheme that obtained work for North Korean IT workers from more than 64 US companies,” the prosecutors added.

“Ashtor is awaiting trial, and de los Reyes is pending extradition from The Netherlands.”

In Washington, Ukrainian national Oleksandr Didenko admitted that he ran a broader identity brokering service. He stole or bought the personal data of US citizens and sold ready made identity packages to foreign IT workers, including North Koreans. Those workers used the material to get jobs at more than 40 US firms.

Didenko agreed to forfeit over $1.4 million in cash and cryptocurrency.

“In total, these defendants’ fraudulent employment schemes impacted more than 136 U.S. victim companies, generated more than $2.2 million in revenue for the DPRK regime, and compromised the identities of more than 18 U.S. persons,” the prosecutors claim.

Clawing back stolen money

Alongside these criminal cases, the US government has moved to seize more than $15 million in cryptocurrency stolen in 2023 by APT38 (aka Lazarus Group) from virtual currency payments processor and exchanges based in Estonia, Panama, and Seychelles.

Investigators traced a portion of those funds across exchanges and mixers, then froze the assets before they could be moved again. The US government aims to return these $15m to the entities from which they were stolen.

Subscribe to our breaking news e-mail alert to never miss out on the latest breaches, vulnerabilities and cybersecurity threats. Subscribe here!