DOJ Secures Guilty Pleas in North Korea’s Remote IT Worker & Laptop Farm Schemes
The United States has announced a new series of guilty pleas in a case involving schemes that enabled North Korean citizens to earn income through remote work at American companies. According to the Department of Justice, several individuals in the U.S. spent years helping IT specialists from abroad pose as U.S. residents, secure positions in American firms, and transfer their earnings overseas, in direct violation of international sanctions.
Among those who admitted involvement were Audricus Fagnasay, Jason Salazar, and Alexander Paul Travis. They agreed to provide their personal information to individuals working outside the United States, thereby helping them obtain employment at U.S. companies. The trio kept company-issued laptops in their possession, installed remote-access software, and ensured the devices appeared to be operating from within U.S. territory.
Fagnasay, Salazar, and Travis also assisted the hackers in passing employers’ internal verification procedures, and two of them even took drug-screening tests in place of the IT specialists to complete onboarding. Their compensation varied — Travis received more than fifty thousand dollars, while the others earned significantly less.
The Justice Department separately described the role of Alexander Didenko, whose arrest was announced in the spring of 2025. He pleaded guilty to fraud and identity theft involving U.S. citizens. According to the charges, Didenko sold or rented stolen personal data to IT workers and helped them secure roles at forty companies.
He also created infrastructure for so-called “laptop farms” — locations where devices used for working under false identities were stored and maintained. One such site in Arizona was operated by Kristina Marie Chapman, who has been sentenced to a lengthy prison term.
Didenko forfeited more than 1.5 million dollars linked to the operation of Upworksell.com, a site through which stolen identities and access to payment services were supplied. Case files indicate that he managed hundreds of fraudulent profiles and several laptop farms, and assisted clients in moving their illicit earnings to overseas banks.
Another participant, Eric Ntekerese Prince, pleaded guilty to fraud tied to the activities of Taggcar Inc. Court documents state that from 2020 to 2024, he helped place IT workers at dozens of American firms and kept at least one laptop used in the scheme.
His earnings exceeded eighty thousand dollars. Prince and several others had previously been charged with helping North Korean specialists obtain employment at more than sixty companies. Additional defendants are referenced in the filings: one awaits trial, another extradition.
According to the Justice Department, more than 130 American companies were affected, and over two million dollars flowed to North Korea through these illicit employment arrangements. The agency also announced civil actions related to the seizure of more than 15 million dollars’ worth of cryptocurrency recovered by the FBI during its investigation into APT38. These digital assets are linked to a series of attacks on overseas platforms that housed cryptocurrency holdings. Authorities emphasize that efforts to identify and block such transfers are ongoing.
The latest guilty pleas represent another step in U.S. efforts to disrupt North Korea’s clandestine schemes — operations that have long been used to fund government programs, including nuclear development. Recently, the U.S. Treasury also imposed sanctions on ten entities and eight individuals involved in an international network that aids North Korea in laundering money, including through IT-worker fraud and associated criminal activity.
Support Our Threat Intelligence
If you find our technology report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
