The U.S. Department of Justice announced on November 14 that five people had pleaded guilty to assisting North Korean citizens to disguise themselves as remote IT employees of U.S. companies, thereby helping the North Korean authorities obtain income through remote labor. Four of them are U.S. citizens and one is a Ukrainian citizen.

According to a report from the Department of Justice, the five individuals involved are accused of acting as "intermediaries" to provide North Korean IT personnel with real or false U.S. identity information, and hosting company-issued work laptops at residences in multiple locations in the United States, creating the illusion that North Korean employees "work locally." Related actions affected a total of 136 U.S. companies and helped the North Korean regime earn $2.2 million in revenue.

This is the latest development in the U.S. government’s crackdown on North Korea’s profiteering through cybercrime in recent years. North Korea has successfully infiltrated hundreds of Western companies to support its internationally sanctioned nuclear weapons program by posing as remote IT employees, investors, and headhunters. In response, the United States has continuously filed lawsuits, investigated and punished those involved, and imposed sanctions on international fraud networks.

U.S. Attorney Jason A. Reding Quiñones said: "This judicial action underscores a core position: The United States will never allow North Korea to finance its weapons programs by victimizing American companies and workers. We will continue to work with our partners in the justice sector to expose these crimes, recover ill-gotten gains, and hold all participants accountable."

Three U.S. citizens (Audricus Phagnasay, Jason Salazar, and Alexander Paul Travis) pleaded guilty to "wire fraud conspiracy." The judicial authorities accused the three of them of knowing that North Korean IT personnel worked overseas, but still used their own identities to help them pass the recruitment process, remotely operate the company's computers at home, and assisted them in passing various qualification examinations, including drug tests. Travis was an active member of the U.S. military at the time and earned more than $50,000. Phagnasay and Salazar received at least $3,500 and $4,500 respectively. The U.S. companies involved in the case paid a total of about $1.28 million in wages, most of which ended up going to North Korean IT personnel.

The fourth U.S. citizen, Erick Ntekereze Prince, runs Taggcar, a company that provides so-called "certified" IT personnel to U.S. companies. They are actually personnel who have used or stolen identities to work overseas. Prince once hosted computers at multiple residences in Florida, earning more than $89,000.

Ukrainian citizen Oleksandr Didenko also pleaded guilty to "telecommunications fraud conspiracy" and "aggravated identity theft." He was accused of stealing U.S. citizenship and selling it to North Korean personnel, helping them gain employment at more than 40 U.S. companies. Didenko made hundreds of thousands of dollars in profit and agreed to forfeit $1.4 million in illegal gains.

In addition, the Department of Justice also announced that it has frozen and seized more than $15 million in cryptocurrency, which were stolen from multiple encryption platforms by North Korean hackers in 2023. In recent years, encryption companies and platforms have become key targets of attacks by North Korean hackers. In 2024 alone, the amount of related thefts reached US$650 million, and so far this year it has exceeded US$2 billion.