Five people plead guilty to helping North Koreans infiltrate US companies as ‘remote IT workers’

The US Department of Justice announced on Friday that five people have pleaded guilty to helping North Koreans defraud US companies by posing as remote IT workers.

The five people are accused of acting as “middlemen” who helped North Koreans obtain jobs by providing their real identities, or fake and stolen identities, to more than a dozen American citizens. Facilitators also hosted company-provided laptops in their homes across the United States to make it appear as if the North Korean workers were living locally, according to the Justice Department press release.

The Justice Department said these measures affected 136 American companies and generated $2.2 million in revenue for Kim Jong Un’s regime.

The latest round of guilty pleas are part of a years-long effort by US authorities to disrupt North Korea’s ability to make money from cybercrime. For years, North Korea has successfully compromised hundreds of Western companies as remote IT workers — as well as investors and recruiters — as part of a scheme to fund a nuclear weapons program subject to international sanctions. In recent years, the US government has responded, charging people involved in the scheme and imposing sanctions on international fraud networks.

“These trials make one point clear: The United States will not allow it [North Korea] “Its financing its weapons programs by exploiting American companies and workers,” U.S. Attorney Jason Redding-Quinones said in a press release. “We will continue to work with our partners across the Department of Justice to uncover these schemes, recover stolen funds, and pursue every individual who assists in North Korea’s operations.”

Three of the people — U.S. citizens Audricus Vagensay, Jason Salazar, and Alexander Paul Travis — pleaded guilty to one count of wire fraud conspiracy.

Prosecutors accused the three of helping North Koreans posing as legitimate IT workers, who they knew worked outside the United States, use their own identities to get work, helping them remotely access company-issued laptops installed in their homes, and helping the North Koreans pass vetting procedures, such as drug tests.

Travis, who prosecutors said was an active member of the U.S. military at the time of the scheme, received more than $50,000 for the acts, while Vagnasay and Salazar received at least $3,500 and $4,500, respectively. The scheme saw US companies pay about $1.28 million in salaries, most of which was sent to North Korean IT workers overseas, according to the Justice Department.

The fourth US citizen to plead guilty was Eric Ntikiris-Prince, who ran a company called Tagcare, which supplied US companies with allegedly “certified” IT workers but who he knew were working outside the country and were using stolen or fake identities. Prince also hosted laptops equipped with remote access software at several residences in Florida, receiving more than $89,000 for his work, the Justice Department said.

Another participant in the scheme who pleaded guilty to one count of wire fraud conspiracy and one count of aggravated identity theft is Ukrainian national Oleksandr Didenko, who prosecutors accuse of stealing the identities of U.S. citizens and selling them to North Koreans so they could get jobs at more than 40 U.S. companies.

According to the press release, Didenko was paid hundreds of thousands of dollars for the service. Didenko agreed to forfeit $1.4 million as part of his guilty plea.

The Department of Justice also announced that it had frozen and seized more than $15 million in cryptocurrencies stolen by North Korean hackers in 2023 from several cryptocurrency platforms.

Cryptocurrency companies, exchanges and blockchain projects have become one of the favorite targets of North Korean hackers, who stole more than $650 million in cryptocurrencies in 2024, and more than $2 billion so far this year.