Five men pleaded guilty to running laptop farms and helping North Koreans obtain remote IT positions at U.S. companies, in a scheme prosecutors say violated U.S. law. The pleas come as authorities have pursued a broader wave of North Korea–aligned cyber activity aimed at funding weapons programs and enabling espionage.
Prosecutors described how the operation created the appearance that workers were based in the United States by hosting victim-company laptops at residences across the country. The North Korean applicants, meanwhile, worked from abroad. The facilitators supplied their own fraudulent or stolen identities to applicants and used remote-access software installed on the laptops to maintain control over the setups.
The four men identified in the pleas—Audricus Phagnasay, 24; Jason Salazar, 30; Alexander Paul Travis, 34; and Erick Ntekereze Prince, 30—each pleaded guilty to one count of wire fraud. They also acknowledged providing U.S. identities to individuals applying for IT roles and installing remote-access software on the laptops to sustain the false domestic-work narrative.
The fifth defendant, Oleksandr Didenko, a Ukrainian national, pleaded guilty to aggravated identity theft in addition to wire fraud. He admitted participating in a years-long scheme that stole U.S. identities and supplied them to overseas IT workers—including North Koreans—so they could fraudulently obtain employment at dozens of U.S. companies. As part of his plea, prosecutors said, Didenko faces forfeiture totaling more than $1.4 million, including hundreds of thousands in cash and cryptocurrency.
U.S. officials have emphasized that North Korea uses IT workers around the world to generate revenue for weapons programs. In 2022, the U.S. Treasury flagged the regime as employing thousands of IT professionals to support its illicit activities. The Justice Department said it is seeking the forfeiture of more than $15 million in cryptocurrency linked to APT38-related schemes seized from North Korean actors, as part of ongoing enforcement against Pyongyang’s cyber operations.
