Five Individuals Admit to Assisting North Korean IT Workers in Defrauding U.S. Companies
In a significant development, the U.S. Department of Justice (DoJ) announced on November 15, 2025, that five individuals have pleaded guilty to charges related to facilitating fraudulent employment schemes for North Korean information technology (IT) workers. This illicit activity enabled these workers to infiltrate 136 American companies, violating international sanctions and contributing to North Korea’s revenue generation efforts.
The Defendants and Their Roles
The individuals involved are:
– Audricus Phagnasay, 24
– Jason Salazar, 30
– Alexander Paul Travis, 34
– Oleksandr Didenko, 28
– Erick Ntekereze Prince, 30
Phagnasay, Salazar, and Travis admitted to one count of wire fraud conspiracy. Between September 2019 and November 2022, they knowingly allowed IT workers located outside the U.S. to use their personal identities to secure employment with American firms. To create the illusion that these workers were operating remotely within the U.S., the trio hosted company-issued laptops at their residences and installed remote desktop software without authorization. This setup enabled the foreign IT workers to connect to the devices, effectively deceiving employers about their actual locations.
Beyond providing access, these defendants assisted the overseas workers in passing employer vetting procedures. Notably, Salazar and Travis went as far as appearing for drug tests on behalf of these workers. In return for their participation in the scheme, Travis, who was an active-duty member of the U.S. Army at the time, received at least $51,397. Phagnasay and Salazar earned approximately $3,450 and $4,500, respectively.
Didenko’s Involvement
Ukrainian national Oleksandr Didenko pleaded guilty to wire fraud conspiracy and aggravated identity theft. He operated a website named Upworksell.com, which facilitated the sale or rental of stolen or borrowed U.S. identities to overseas IT workers. Starting in 2021, these workers used the acquired identities to secure positions on online freelance platforms based in California and Pennsylvania.
Didenko managed approximately 871 proxy identities and oversaw at least three U.S.-based laptop farms. In these setups, individuals in the U.S. were paid to host laptops at their residences, allowing foreign IT workers to access them remotely. One such operation was run by Christina Marie Chapman in Arizona, who was sentenced to 8.5 years in prison in July 2025. Didenko has agreed to forfeit over $1.4 million as part of his plea agreement.
Prince’s Role
Erick Ntekereze Prince admitted to one count of wire fraud conspiracy. Between June 2020 and August 2024, he operated a company called Taggcar Inc., which supplied certified IT workers to U.S. companies. Prince also hosted a laptop at his Florida residence, enabling foreign IT workers to access it remotely. Through his involvement in the fraudulent scheme, Prince earned more than $89,000.
Broader Implications
This case underscores the lengths to which individuals and organizations will go to circumvent international sanctions and exploit vulnerabilities in employment verification processes. By facilitating the infiltration of North Korean IT workers into American companies, the defendants not only violated U.S. laws but also contributed to the funding of a regime under heavy international sanctions.
The DoJ’s actions reflect a broader commitment to safeguarding national security and protecting the integrity of the U.S. workforce. Employers are urged to exercise heightened vigilance in their hiring processes, especially when dealing with remote workers, to prevent similar fraudulent activities.
