Post

Five Plead Guilty in U.S. for Helping North Korean IT Workers Infiltrate 136 Companies

Posted
By ictsec.pl
2 min read

The U.S. Department of Justice (DoJ) on Friday announced that five individuals have pleaded guilty to assisting North Korea’s illicit revenue generation schemes by enabling information technology (IT) worker fraud in violation of international sanctions.

Phagnasay, Salazar, and Travis pleaded guilty to one count of wire fraud conspiracy for knowingly allowing IT workers located outside of the U.S. to use their U.S. identities between about September 2019 and November 2022 and secure jobs at American firms. The three defendants also served as facilitators, hosting the company-issued laptops at their residences and installing remote desktop software on those machines without authorization so that the IT workers could connect to them and give the impression that they were working remotely within the U.S.

Didenko, whose arrest was disclosed by the DoJ back in May 2025, has pleaded guilty to wire fraud conspiracy and aggravated identity theft for stealing the identities of U.S. citizens and selling them to IT workers so that they could land jobs at 40 U.S. companies. Didenko has also agreed to forfeit more than $2.4 million. “Didenko ran a website using a U.S.-based domain, ‘Upworksell.com,’ designed to help overseas IT workers buy or rent stolen or borrowed identities,” the DoJ said. “Beginning in 2021, the IT workers used the identities to get hired on online freelance work platforms based in California and Pennsylvania.” The Ukrainian national also paid individuals in the U.S. to receive and host laptops, turning their homes into laptop farms for the IT workers. One such laptop farm was operated by Christina Marie Chapman in Arizona. Didenko’s site has since been seized.

“In total, these defendants’ fraudulent employment schemes impacted more than 136 U.S. victim companies, generated more than $2.2 million in revenue for the Democratic People’s Republic of Korea (DPRK) regime, and compromised the identities of more than 18 U.S. persons,” the DoJ said. In related actions, the DoJ has filed two civil complaints to forfeit cryptocurrency valued at more than $5 million that the U.S. Federal Bureau of Investigation (FBI) seized in March 2025 from APT38 (aka BlueNoroff) actors. The digital assets, the complaints allege, were illegally obtained through hacks at overseas virtual currency platforms:

  • Theft of approximately $37 million from an Estonia-based virtual currency payments processor in July 2023
  • Theft of approximately $100 million from a Panama-based virtual currency payment processor in July 2023
  • Theft of approximately $138 million from a Panama-based virtual currency exchange in November 2023, and
  • Theft of approximately $107 million in virtual currency from a Seychelles-based virtual currency exchange in November 2023.

To read the complete article, see: The Hacker News

LEGAL
NORTH KOREA IT FRAUD CYBERSECURITY LEGAL PROCEEDINGS
This post is licensed under CC BY 4.0 by the author.