The U.S. Department of Justice (DoJ) announced Friday that five people have pleaded guilty to enabling fraud against information technology (IT) workers and supporting North Korea’s illegal revenue-generating scheme in violation of international sanctions.
The 5 persons are listed below –
- Audricus Fagnasei, 24 years old
- Jason Salazar, 30 years old
- Alexander Paul Travis, 34 years old
- Oleksandr Didenko, 28 years old
- Eric Cink Prince, 30 years old
Fagnasay, Salazar and Travis pleaded guilty to one count of wire fraud conspiracy for knowingly causing IT workers residing outside the United States to use U.S. identities to secure jobs at U.S. companies from approximately September 2019 to approximately November 2022.
The three defendants also acted as intermediaries, hosting company-issued laptops in their homes and installing remote desktop software on those machines without permission, allowing IT employees to connect to those laptops and create the impression that they were working remotely within the United States.
Additionally, the trio allegedly helped overseas IT workers pass employer screening procedures, and Salazar and Travis took it to the next level by appearing for drug tests on their behalf. Travis, who was an active duty member of the U.S. Army at the time, received at least $51,397 in compensation for his involvement in the fraud scheme. Mr. Fagnasay and Mr. Salazar are said to have earned at least $3,450 and $4,500, respectively.
Mr. Didenko, whose arrest was announced by the Department of Justice in May 2025, pleaded guilty to wire fraud conspiracy and aggravated identity theft for stealing the personal information of American citizens and selling it to IT workers in order to obtain employment with 40 American companies. Didenko also agreed to forfeit more than $1.4 million.
“Didenko operated a website using the U.S.-based domain ‘Upworksell.com’ that was designed to allow overseas IT workers to purchase or rent stolen or borrowed IDs,” the Justice Department said. “Starting in 2021, IT workers can use their IDs to get hired on online freelance labor platforms based in California and Pennsylvania.”
The Ukrainian also paid individuals in the United States to receive and host the laptops, turning his home into a laptop farm for IT workers. One such laptop farm was run by Christina Marie Chapman in Arizona. Later, Didenko’s site was seized. Chapman was sentenced to eight and a half years in prison in July 2025.
Didenko is estimated to have controlled as many as 871 proxy identities and helped operate at least three US-based laptop farms. We also enabled our international customers to access the Money Services Transmitter without having to physically open an account with a U.S. bank to transfer their payroll income to a foreign bank account.
Rounding out the list is Prince, who from around June 2020 to around August 2024 pleaded guilty to one count of wire fraud conspiracy for operating a company called Tagcar to supply “certified” IT talent to U.S. companies and running a laptop at his Florida home. Prince made more than $89,000 by engaging in IT worker fraud.
Notably, Prince was indicted in early January along with Pedro Ernesto Alonso de los Reyes, Emmanuel Ashtor, Chin Song Il (진성일), and Park Jin Sung (박진성) for allegedly helping North Korean IT workers obtain jobs at more than 64 U.S. companies.
The plan paid out more than $943,069 in salaries, most of which was returned to overseas IT employees. Mr Ashtor is currently awaiting trial and Mr de los Reyes is awaiting extradition from the Netherlands.
“In total, these defendants’ fraudulent employment schemes affected more than 136 U.S. victim companies, generated more than $2.2 million in revenue for the (Democratic People’s Republic of Korea) regime, and compromised the identities of more than 18 Americans,” the Justice Department said.
In a series of related lawsuits, the Department of Justice also announced that the U.S. Federal Bureau of Investigation (FBI) has filed two civil lawsuits seeking to forfeit more than $15 million worth of virtual currency seized from the APT38 (also known as BlueNoroff) attackers in March 2025. According to the complaint, the digital assets were obtained illegally through hacking of foreign cryptocurrency platforms.
- In July 2023, approximately $37 million was stolen from an Estonia-based cryptocurrency payment processor.
- In July 2023, approximately $100 million was stolen from a Panama-based cryptocurrency payment processor.
- Approximately $138 million was stolen from a Panama-based cryptocurrency exchange in November 2023
- In November 2023, approximately $107 million in virtual currency was stolen from a Seychelles-based virtual currency exchange.
“Efforts to track, seize, and confiscate related stolen cryptocurrencies are ongoing as the APT38 threat actors continue to launder crypto-related funds through a variety of crypto bridges, mixers, exchanges, and over-the-counter traders,” the ministry added.
The new guilty plea is the latest effort on the part of the U.S. government to combat and thwart North Korean IT workers and hacking schemes that have been used to fund the administration’s priorities. For years, North Korea has successfully infiltrated hundreds of Western and other companies under the guise of remote IT workers, extracting steady paychecks and using them to fund its nuclear weapons program.
A few weeks ago, the U.S. Treasury Department imposed sanctions on eight individuals and two entities within North Korea’s global financial network for laundering money for a variety of illegal schemes, including cybercrime and information technology (IT) worker fraud.
