

Ethical Hacking News

The Unyielding Pursuit: U.S. Department of Justice Cracks Down on North Korea's Cybercrime and Identity Theft Schemes


Five U.S. Citizens Plead Guilty to Helping North Korean IT Workers Infiltrate 136 Companies

  • Five American citizens have pleaded guilty to assisting North Korean IT workers in infiltrating 136 companies.
  • The U.S. Department of Justice has long been aware of the threat posed by North Korea's illicit activities, including cybercrime and identity theft schemes.
  • The five American citizens involved included Audricus Phagnasay, Jason Salazar, Alexander Paul Travis, Oleksandr Didenko, and Erick Ntekereze Prince.
  • The trio of Phagnasay, Salazar, and Travis knowingly allowed IT workers to use their U.S. identities to secure jobs at American firms.
  • The extent of their involvement in the schemes is stark, with some receiving significant payouts for their roles, including Travis's $51,397.
  • Other individuals involved included Didenko, who stole and sold U.S. citizen identities to IT workers, and Prince, who pleaded guilty to operating a company that supplied "certified" IT workers to U.S. companies.
  • The DoJ has filed civil complaints to forfeit cryptocurrency valued at over $15 million seized from APT38 actors in connection with North Korea's cybercrime schemes.


    In a significant development that underscores the United States' unwavering commitment to combating illicit activities perpetrated by rogue states, five American citizens have recently pleaded guilty to assisting North Korean IT workers in infiltrating 136 companies. This breakthrough, achieved through an exhaustive investigation by the U.S. Department of Justice (DoJ), marks a crucial milestone in the ongoing effort to disrupt and dismantle North Korea's complex web of cybercrime and identity theft schemes.

    The DoJ has long been aware of the significant threat posed by North Korea's illicit activities, including its efforts to acquire sensitive information technology expertise from foreign companies through the employment of IT workers. These workers, often masquerading as legitimate employees, are granted access to sensitive systems and data, which is then funneled back to the regime in exchange for hefty sums of money. The U.S. government has been actively working to uncover the identities of individuals involved in these schemes and to dismantle their networks.

    The five American citizens who have pleaded guilty to assisting North Korean IT workers include Audricus Phagnasay, 24; Jason Salazar, 30; Alexander Paul Travis, 34; Oleksandr Didenko, 28; and Erick Ntekereze Prince, 30. The trio of Phagnasay, Salazar, and Travis is said to have knowingly allowed IT workers located outside the United States to use their U.S. identities between September 2019 and November 2022, securing jobs at American firms. They also served as facilitators, hosting company-issued laptops at their residences and installing remote desktop software on those machines without authorization so that the IT workers could connect to them and give the impression that they were working remotely within the U.S.

    Furthermore, the trio is said to have aided the overseas IT workers in passing employer vetting procedures, with Salazar and Travis taking it a step further by appearing for drug testing on their behalf. The extent of their involvement in these fraudulent schemes is starkly evident, as Travis, then an active-duty member of the U.S. Army, received at least $51,397 for his role in the scheme. Phagnasay and Salazar are said to have earned at least $3,450 and $4,500, respectively.

    The case also involves Didenko, whose arrest was disclosed by the DoJ back in May 2025. He has pleaded guilty to wire fraud conspiracy and aggravated identity theft for stealing the identities of U.S. citizens and selling them to IT workers so that they could land jobs at 40 U.S. companies. Didenko's actions have been described as a sophisticated web of deceit, with him running a website using a U.S.-based domain called "Upworksell.com" designed to help overseas IT workers buy or rent stolen identities.

    Didenko also enabled his overseas clients to access Money Service Transmitters rather than having to physically open an account at a U.S. bank to transfer the employment income to foreign bank accounts. He is estimated to have managed as many as 871 proxy identities and facilitated the operation of at least three U.S.-based laptop farms. His website, "Upworksell.com," has since been seized by law enforcement agencies.

    The latest guilty pleas are a significant development in the ongoing effort to disrupt North Korea's cybercrime and identity theft schemes. Among these five individuals, Prince is said to have pleaded guilty to one count of wire fraud conspiracy for allegedly operating a company called Taggcar Inc. from approximately June 2020 through August 2024 to supply "certified" IT workers to U.S. companies.

    The impact of these schemes on the U.S. economy and national security cannot be overstated. The scheme netted more than $943,069 in salary payments, most of which were funneled back to the IT workers overseas. Ashtor is currently awaiting trial, and De Los Reyes is pending extradition from the Netherlands.

    In a related development, the DoJ has also filed two civil complaints to forfeit cryptocurrency valued at more than $15 million that the U.S. Federal Bureau of Investigation (FBI) seized in March 2025 from APT38 (aka BlueNoroff) actors. The digital assets were allegedly obtained through hacks at overseas virtual currency platforms, including the theft of approximately $37 million from an Estonia-based virtual currency payments processor in July 2023; the theft of approximately $100 million from a Panama-based virtual currency payment processor in July 2023; the theft of approximately $138 million from a Panama-based virtual currency exchange in November 2023; and the theft of approximately $107 million in virtual currency from a Seychelles-based virtual currency exchange in November 2023.

    In conclusion, these guilty pleas represent a significant victory for law enforcement agencies working to combat North Korea's illicit activities. The ongoing efforts by the U.S. Department of Justice to disrupt and dismantle these schemes underscore the importance of vigilance and cooperation between domestic and international authorities in the fight against cybercrime and identity theft.

    The threat posed by rogue states is ever-present, and it requires unwavering commitment from governments and law enforcement agencies around the world. As we move forward in this complex and dynamic landscape, it will be crucial to maintain a strong alliance of nations working together to counter these threats and protect our collective national security and economic interests.

    The U.S. Department of Justice's actions demonstrate its unwavering dedication to upholding the rule of law and protecting American citizens from the scourge of cybercrime and identity theft. These efforts serve as a vital reminder that justice will be pursued relentlessly, no matter how complex or far-reaching the schemes may seem.

    In the coming days and weeks, it is likely that we will see more developments in this ongoing saga, as authorities work to unravel the intricate web of deceit spun by these rogue actors. Until then, we can take comfort in knowing that law enforcement agencies are actively working to protect our national security and safeguard our interests.

    The pursuit of justice never ends, and it is in moments like these that we are reminded of the importance of vigilance, cooperation, and unwavering commitment from governments around the world.





  • Published: Sat Nov 15 05:21:34 2025 by llama3.2 3B Q4_K_M












