Overview
- Four Americans and one Ukrainian—Audricus Phagnasay, Jason Salazar, Alexander Paul Travis, Erick Ntekereze Prince, and Oleksandr Didenko—pleaded guilty to roles in schemes that placed overseas North Korean operatives in U.S. IT jobs.
- Three defendants entered pleas in the Southern District of Georgia, Prince in the Southern District of Florida, and Didenko in Washington, D.C., after using real, false, or stolen U.S. identities and hosting company laptops to mask foreign locations.
- The DOJ says the activity affected 136 U.S. companies and generated more than $2.2 million for North Korea, with facilitator payouts ranging from roughly $3,500 to $89,000 while victim firms paid about $1.28 million in salaries to the overseas workers.
- Federal prosecutors filed civil complaints to forfeit over $15 million in cryptocurrency traced to APT38’s 2023 hacks of platforms in Panama, Estonia, and Seychelles, with funds laundered through bridges, mixers, exchanges, and OTC traders and seizures continuing.
- Didenko operated the identity marketplace upworksell.com, managed hundreds of proxy identities, funded U.S. laptop farms, agreed to forfeit about $1.4 million, and faces sentencing on February 19, 2026, as authorities urge stronger vetting of remote hires.