American citizens just pleaded guilty to selling out their country by helping North Korean operatives infiltrate U.S. companies, directly funding Kim Jong Un’s weapons programs while undermining sanctions meant to protect national security.
Story Snapshot
- Three Americans and one Ukrainian pleaded guilty to enabling North Korean IT workers to use stolen identities for remote jobs at over 100 U.S. companies, generating $1.28 million that funded weapons programs
- Alexander Travis, a U.S. Army member, pocketed over $50,000 while hosting employer laptops that North Korean operatives accessed remotely to steal sensitive data and cryptocurrency
- The scheme represents part of a massive North Korean operation generating up to $600 million annually, with 320+ companies infiltrated in the past year using deepfake technology
- DOJ coordinated nationwide prosecutions marking the first major crackdown on Americans facilitating sanctions evasion through so-called “laptop farms”
Americans Enable Hostile Regime’s Revenue Stream
Three U.S. nationals—Audricus Phagnasay, Jason Salazar, and Alexander Paul Travis—pleaded guilty in Georgia to wire fraud conspiracy for allowing North Korean IT workers to use their identities for remote jobs at American firms between 2019 and 2022. Travis, shockingly a U.S. Army member, earned over $50,000 for hosting employer-issued laptops at his residence while North Korean operatives accessed them remotely to perform work. Separately, Erick Ntekereze Prince pleaded guilty in Florida for operating a company that staffed North Korean workers from 2020 to 2024, earning him $89,000. This betrayal directly undermines American sanctions designed to prevent hostile regimes from acquiring funds for weapons development.
Sophisticated Identity Theft Operation Compromises National Security
Ukrainian national Oleksandr Didenko pleaded guilty in Washington for selling stolen U.S. identities to North Korean operatives, affecting 40 American companies. The scheme exploited the post-COVID remote work boom, with North Koreans posing as legitimate IT contractors while simultaneously stealing cryptocurrency and sensitive data, including military technology specifications. FBI investigations revealed over 80 U.S. citizens had their identities compromised to facilitate employment at more than 100 companies. The facilitators operated physical “laptop farms” where employer-issued equipment remained in U.S. locations while North Korean workers accessed it remotely, creating the illusion of domestic employment while evading detection.
Massive Revenue Fuels Weapons Programs
United Nations estimates indicate North Korean IT worker schemes generate between $250 million and $600 million annually, with thousands of operatives required to earn $10,000 monthly according to defector accounts. Beyond the $1.28 million in salaries from this specific case, UAE-based North Korean operatives hired by an Atlanta blockchain firm and a Serbian token company stole $915,000 in cryptocurrency. The Christina Chapman case, prosecuted before 2025, demonstrated the scale of these operations: she facilitated 309 jobs generating $17.1 million in revenue using 70 stolen identities, impacting companies like Nike. These funds directly support Kim Jong Un’s weapons of mass destruction programs, circumventing international sanctions meant to contain North Korean aggression.
Explosive Growth Threatens American Businesses
CrowdStrike’s August 2025 report documented a 220 percent increase in North Korean IT worker infiltrations, with 320 companies infiltrated in the past year alone. The operatives now employ deepfake technology to create convincing personas during video interviews, significantly complicating detection efforts. Assistant Attorney General John Eisenberg stated the DOJ is working to disrupt North Korean efforts to finance weapons “on the backs of Americans.” The IT and blockchain sectors face particular vulnerability, with companies suffering over $3 million in direct losses plus extensive network remediation costs. The FBI issued updated public service announcements warning companies about both witting and unwitting facilitation of these schemes.
This brazen exploitation of American companies and identity theft represents government-sponsored fraud at an international scale. The willingness of U.S. citizens to profit from enabling a hostile regime’s sanctions evasion demonstrates how personal greed can override patriotic duty and national security concerns. While the Trump administration’s DOJ now aggressively prosecutes these cases with coordinated actions across multiple districts, the explosive growth in infiltrations shows these schemes continue adapting with new technologies like deepfakes. Companies hiring remote workers must implement rigorous vetting procedures, and Americans should remain vigilant against identity theft that could unwittingly support adversarial nations seeking to harm our country and allies.
Sources:
FBI Public Service Announcement on North Korean IT Worker Schemes – FBI IC3
North Korean IT Worker Infiltrations Exploded – Fortune
Multiple US nationals enter guilty pleas in North Korean IT worker scams – The Record