North Korean Hackers Infiltrate 136 U.S. Companies, Generate $2.2 Million

The U.S. Department of Justice has announced a breakthrough in combating North Korean revenue generation schemes, securing five guilty pleas and initiating forfeiture proceedings for over $15 million in stolen virtual currency.

The coordinated enforcement action exposes a sophisticated operation where North Korean actors infiltrated 136 American companies through fraudulent remote IT employment while simultaneously executing multimillion-dollar cryptocurrency heists.

The enforcement actions reveal two parallel schemes used by the Democratic People’s Republic of Korea to fund its weapons programs in violation of international sanctions.

The first involved facilitators in the United States and Ukraine who helped North Korean IT workers secure remote positions with American companies by providing false or stolen identities.

These facilitators hosted company-issued laptops at U.S. residences and installed unauthorized remote access software, creating the illusion that workers were operating domestically.

The fraudulent employment network generated more than $2.2 million in revenue for the DPRK regime while compromising the identities of over 18 Americans.

Four U.S. nationals and one Ukrainian identity broker pleaded guilty to their roles in enabling these schemes.

In Georgia, Audricus Phagnasay, Jason Salazar, and Alexander Paul Travis were charged with wire fraud conspiracy for facilitating the employment of overseas IT workers between September 2019 and November 2022.

Travis, an active-duty Army member at the time, earned at least $51,397 for his participation, while Phagnasay and Salazar received $3,450 and $4,500, respectively.

The scheme they supported generated approximately $1.28 million in salary payments, with the majority of those payments flowing to overseas IT workers.

Ukrainian national Oleksandr Didenko pleaded guilty in the District of Columbia to wire fraud conspiracy and aggravated identity theft for operating an identity theft ring that sold stolen American identities to overseas IT workers, including North Korean operatives.

His operation enabled fraudulent employment at 40 U.S. companies and resulted in hundreds of thousands of dollars in payments.

Didenko agreed to forfeit more than $1.4 million as part of his plea agreement.

In Florida, Erick Ntekereze Prince admitted to wire fraud conspiracy for supplying supposedly “certified” IT workers to U.S. companies through his company, Taggcar Inc., knowing they were using false identities and working from overseas locations.

Prince earned over $89,000 from his participation between June 2020 and August 2024.

The second major component involves Advanced Persistent Threat 38 (APT38), a North Korean military hacking group that executed four major virtual currency heists in 2023.

The attacks targeted platforms in Estonia, Panama, and Seychelles, resulting in approximately $382 million in combined losses.

The Justice Department filed civil forfeiture complaints to seize over $15 million in USDT stablecoin that FBI agents traced and seized in March 2025.

“These actions demonstrate the Department’s comprehensive approach to disrupting North Korean efforts to finance their weapons program on the backs of Americans,” said Assistant Attorney General John A. Eisenberg.

The enforcement actions represent the latest phase of the DPRK RevGen: Domestic Enabler Initiative, a joint effort by the National Security Division and the FBI to target and disrupt North Korea’s illicit revenue-generating schemes and their U.S.-based facilitators.

The FBI has warned that North Korean IT workers have been known to earn up to $300,000 annually, generating hundreds of millions collectively each year for designated entities involved in the DPRK’s weapons programs.

The State Department offers rewards up to $5 million for information supporting efforts to disrupt North Korea’s illicit financial activities.

Find this Story Interesting! Follow us on Google News, LinkedIn and X to Get More Instant Updates

The post North Korean Hackers Infiltrate 136 U.S. Companies, Generate $2.2 Million appeared first on Cyber Security News.