Five pleaded guilty to aiding North Korea ’s illicit revenue via IT worker fraud, violating international sanctions.The U.S. Department of Justice announced that five people have pleaded guilty to helping North Korea secretly generate revenue by running illegal IT-worker schemes that violated international sanctions. The individuals – Audricus Phagnasay (24), Jason Salazar (30), Alexander Paul Travis (34), Oleksandr Didenko (28), and Erick Ntekereze Prince (30) – admitted to their roles in supporting the fraudulent operations.U.S. and Ukrainian facilitators helped North Korean actors secure remote IT jobs in the U.S., defrauding 136 companies for $2.2M and compromising 18+ identities. Meanwhile, APT38 hackers stole millions in virtual currency in 2023. The U.S. authorities froze $15M for return to the victims.“The Justice Department today announced five guilty pleas and more than $15 million in civil forfeiture actions against the Democratic People’s Republic of Korea (DPRK) remote information technology (IT) work and virtual currency heist schemes.” reads the DoJ’s announcement. “The DPRK government uses both types of schemes to fund its weapons and other priorities in violation of sanctions.”Three U.S. nationals (Phagnasay, Salazar, and Travis)pleaded guilty to wire fraud conspiracy for helping overseas IT workers fraudulently get U.S. jobs. They provided identities, hosted company laptops, installed remote access software, and even attended drug tests for the workers. The scheme ran from 2019 to 2022, earning $1.28M in salaries, mostly sent overseas. Travis received $51K, while Phagnasay and Salazar earned $3.4K–$4.5K. The FBI and U.S. prosecutors handled the case.Ukrainian national Oleksandr Didenko pleaded guilty to wire fraud and identity theft for stealing U.S. citizens’ identities and selling them to overseas IT workers, including North Koreans, to fraudulently work for 40 U.S. companies. Victims paid hundreds of thousands of dollars. Didenko agreed to forfeit over $1.4M, including cash and crypto. The man was arrested in Poland in 2024, then he was extradited to the U.S. The FBI and multiple U.S. Attorney offices investigated and prosecuted the case, highlighting efforts to stop North Korean-funded fraud schemes.U.S. national Erick Ntekereze Prince pleaded guilty to wire fraud conspiracy for helping overseas IT workers, including North Koreans, fraudulently work for U.S. companies via false identities. Through his company, he hosted company laptops in Florida and installed remote access software to make it appear the workers were local. He earned over $89,000. The scheme involved 64 U.S. companies and generated over $943,000 in salaries sent mostly overseas. The case was investigated by the FBI Miami Field Office.The U.S. DOJ filed civil complaints to forfeit over $15M in USDT seized from North Korean APT38 actors. The funds stem from four major 2023 crypto heists targeting exchanges in Estonia, Panama, and Seychelles. The FBI is investigating, tracing, and seizing stolen cryptocurrency still being laundered. North Korean IT workers earn hundreds of thousands annually to fund DPRK weapons programs. U.S. agencies have issued advisories and may offer up to $5M in rewards to disrupt these illicit financial operations.“These actions demonstrate the Department’s comprehensive approach to disrupting North Korean efforts to finance their weapons program on the backs of Americans,” said Assistant Attorney General for National Security John A. Eisenberg. “The Department will use every available tool to protect our Nation from this regime’s depredations.”“Ensuring national and economic security are paramount to the Department’s mission,” said Acting Assistant Attorney General Matthew R. Galeotti of the Justice Department’s Criminal Division. “Hostile nation-states raising funds for illicit programs by stealing from digital asset exchanges threatens both. The Criminal Division is steadfast in its determination to forfeit ill-gotten gains from bad actors and return funds to victims.”Follow me on Twitter: @securityaffairs and Facebook and MastodonPierluigi Paganini(SecurityAffairs – hacking, IT workers)