DOJ guilty pleas in North Korea IT worker fraud case
Law Enforcement
Summary
Hide ▲
Show ▼
Five individuals pleaded guilty in a U.S. federal case tied to North Korea's IT worker fraud scheme, increasing criminal exposure for a cross-border operation that used stolen identities and fake remote-work setups. The scheme relied on U.S. identities, company-issued laptops, and remote desktop software to make overseas workers appear to be inside the United States while they secured jobs at American firms. It affected more than 136 U.S. victim companies and generated over $2.2 million for the DPRK regime.
Related Happenings
Sentencing in North Korea laptop farm case
Law Enforcement
First: 07.05.2026 16:45
Last: 07.05.2026 16:45
Sources 1
About this happening:
Federal authorities sentenced **Matthew Isaac Knoot** and **Erick Ntekereze Prince** to **18 months** in prison each for running **laptop farms** that helped **North Korean IT wor...
Sentencing in North Korea laptop farm case
Law EnforcementAbout this happening: Federal authorities sentenced **Matthew Isaac Knoot** and **Erick Ntekereze Prince** to **18 months** in prison each for running **laptop farms** that helped **North Korean IT wor...
Finnish arrest and U.S. charges in Bouquet Scattered Spider case
Law Enforcement
First: 28.04.2026 18:39
Last: 28.04.2026 18:39
Sources 1
About this happening:
**Finnish law enforcement** arrested **Bouquet**, and **U.S. federal prosecutors** later charged him in a cross-border **Scattered Spider** cybercrime case. The charges include **...
Finnish arrest and U.S. charges in Bouquet Scattered Spider case
Law EnforcementAbout this happening: **Finnish law enforcement** arrested **Bouquet**, and **U.S. federal prosecutors** later charged him in a cross-border **Scattered Spider** cybercrime case. The charges include **...
DoJ/FBI/USSS crypto-fraud domain seizure and charges
Law Enforcement
First: 27.04.2026 18:00
Last: 27.04.2026 18:00
Sources 1
About this happening:
**DoJ**, **FBI**, and **US Secret Service** investigators **seized 503 domains** linked to **fraudulent crypto platforms**, disrupting infrastructure used in a Cambodia-based scam...
DoJ/FBI/USSS crypto-fraud domain seizure and charges
Law EnforcementAbout this happening: **DoJ**, **FBI**, and **US Secret Service** investigators **seized 503 domains** linked to **fraudulent crypto platforms**, disrupting infrastructure used in a Cambodia-based scam...
North Korean remote IT worker scam operation targeting American companies
Campaign
First: 16.04.2026 19:00
Last: 16.04.2026 19:00
Sources 1
How related:
The new round of guilty pleas is the latest effort on the part of the U.S. government to combat and disrupt North Korea's IT worker and hacking schemes, which have been used to fund the regime's priorities.
About this happening:
A long-running **North Korean remote IT worker scam operation** used **stolen identities** and fake placements to embed operators inside **more than 100 American companies**. The...
North Korean remote IT worker scam operation targeting American companies
CampaignHow related: The new round of guilty pleas is the latest effort on the part of the U.S. government to combat and disrupt North Korea's IT worker and hacking schemes, which have been used to fund the regime's priorities.
About this happening: A long-running **North Korean remote IT worker scam operation** used **stolen identities** and fake placements to embed operators inside **more than 100 American companies**. The...
Kejia Wang and Zhenxing Wang sentencing in DPRK IT worker fraud case
Law Enforcement
First: 16.04.2026 11:32
Last: 16.04.2026 11:32
Sources 1
About this happening:
A court sentenced Kejia Wang and Zhenxing Wang to prison for helping run a DPRK-linked remote IT worker fraud scheme. The operation used stolen identities, fake websites, shell co...
Kejia Wang and Zhenxing Wang sentencing in DPRK IT worker fraud case
Law EnforcementAbout this happening: A court sentenced Kejia Wang and Zhenxing Wang to prison for helping run a DPRK-linked remote IT worker fraud scheme. The operation used stolen identities, fake websites, shell co...
Latest development: 16.04.2026 19:00
The US Justice Department announced sentences of 108 months for Kejia Wang and 92 months for Zhenxing Wang for helping run a DPRK remote IT worker scheme that used stolen identities of at least 80 American citizens to deceive more than 100 American companies, generate more than $5m for the Democratic People’s Republic of Korea, and enable access to sensitive data and source code from victim firms; the operation used home addresses to receive laptops and gave overseas IT workers in North Korea remote access.
Timeline
-
15.11.2025 12:21 2 articles · 6mo ago
DoJ announces guilty pleas and forfeiture complaints in North Korea IT worker fraud case
Legal Policy Action UpdateThe U.S. Department of Justice announced that Audricus Phagnasay, Jason Salazar, Alexander Paul Travis, Oleksandr Didenko, and Erick Ntekereze Prince pleaded guilty to helping North Korea's IT worker fraud network by using stolen or borrowed U.S. identities, hosting company-issued laptops, installing unauthorized remote desktop software, and evading employer vetting so overseas workers could appear U.S.-based and secure jobs at American firms; the scheme impacted more than 136 U.S. victim companies, compromised the identities of more than 18 U.S. persons, and generated more than $2.2 million for the DPRK regime, while the department also filed civil complaints to forfeit more than $15 million in cryptocurrency seized from APT38 (aka BlueNoroff) actors in March 2025.
Show sources
- Five U.S. Citizens Plead Guilty to Helping North Korean IT Workers Infiltrate 136 Companies — thehackernews.com — 15.11.2025 12:21
- Five U.S. Citizens Plead Guilty to Helping North Korean IT Workers Infiltrate 136 Companies — thehackernews.com — 15.11.2025 12:21