Ethical Hacking News
US Department of Justice Secures Guilty Pleas from Four US Citizens and a Ukrainian Identity Broker for Using Stolen Identities to Help North Korean IT Workers Gain Employment at US Companies
The US Department of Justice has secured guilty pleas from four US citizens and a Ukrainian identity broker for using stolen identities to help North Korean IT workers gain employment at US companies. The scheme involved fake identities, laptops, and remote access software, resulting in millions of dollars in salary fraud and raising concerns about North Korea's involvement. Four individuals, including an active-duty US Army soldier, earned significant amounts of money by participating in the scheme, which generated over $1.28 million in salary payments. The scheme also involved a Ukrainian identity broker who sold stolen identities to overseas IT workers, including North Koreans, and hosted company-issued laptops for their use. Companies must take steps to improve their security processes for vetting remote workers and remain vigilant regarding this emerging threat. More needs to be done to prevent identity theft schemes like the one described above from occurring in the future, highlighting broader systemic issues.
In recent months, the United States Department of Justice (DoJ) has secured guilty pleas from four US citizens and a Ukrainian identity broker for their roles in using stolen identities to help North Korean IT workers gain employment at US companies. The scheme, which involved the use of fake identities, laptops, and remote access software, resulted in millions of dollars in salary fraud and has raised concerns about the extent of North Korea's involvement in these types of scams.
The DoJ announced that Audricus Phagnasay, Jason Salazar, Alexander Paul Travis, and Erick Ntekereze Prince had all pled guilty to wire fraud conspiracy charges for providing their identities to North Koreans between 2019 and 2022. The scheme involved the use of fake identities, laptops issued by US companies, and remote access software to make it appear as though the North Korean IT workers were working from the US.
According to the DoJ, Travis, who was an active-duty US Army soldier at the time, earned at least $51,397 for his part in the scheme. Phagnasay and Salazar earned considerably less, taking in somewhere in the neighborhood of $3,450 and $4,500, respectively. The trio's scheme generated approximately $1.28 million in salary payments from victim US companies.
The DoJ also announced that Erick Ntekereze Prince, who used his company Taggcar Inc. to supply allegedly "certified" IT workers, had pled guilty to wire fraud conspiracy charges. Prince's scheme involved hosting company-issued laptops for his "certified" IT workers' use that were remotely accessed by North Koreans, earning him more than $89,000.
Additionally, the DoJ announced that Ukrainian national Oleksandr Didenko had pled guilty to stealing the identities of US citizens and selling them to overseas IT workers, with North Koreans among the buyers. Didenko's brokerage led to fraudulent employment at 40 US companies and hundreds of thousands of dollars in salary fraud.
The scheme has raised concerns about the extent of North Korea's involvement in these types of scams. According to Adam Meyers, senior VP at CrowdStrike, the scammers aim to get their hands on both money and intellectual property. "No matter who or where you are, if you support North Korea's efforts to victimize U.S. businesses and citizens, the FBI will find you and bring you to justice," said Roman Rozhavsky, counterintelligence assistant director at the FBI.
The DoJ has taken action against individuals involved in these types of scams, but more needs to be done to prevent them from occurring in the future. Companies must take steps to improve their security processes for vetting remote workers and remain vigilant regarding this emerging threat.
Furthermore, it is essential to understand that identity theft schemes like the one described above are not just a matter of individual actions, but also of broader systemic issues. The fact that these scams were able to thrive highlights weaknesses in our current systems and raises questions about how we can better protect ourselves from such threats.
In recent years, there have been numerous reports of North Korean IT workers being used as part of these scams. These reports suggest that the Kim regime is using its IT workers to scam US companies out of millions of dollars. The fact that these scams were able to target thousands of companies highlights the need for increased awareness and vigilance regarding this threat.
In conclusion, the scheme described above highlights the dark side of North Korea's IT worker scams. The DoJ's recent actions demonstrate a commitment to taking action against those involved in identity theft schemes, but more needs to be done to prevent these types of scams from occurring in the future. Companies must take steps to improve their security processes and individuals must remain vigilant regarding this emerging threat.
Related Information:
https://www.ethicalhackingnews.com/articles/Identity-Theft-Schemes-The-Dark-Side-of-North-Koreas-IT-Worker-Scams-ehn.shtml
https://go.theregister.com/feed/www.theregister.com/2025/11/17/doj_north_korean_it_scam/
Published: Mon Nov 17 11:47:42 2025 by llama3.2 3B Q4_K_M