The Department of Justice says active-duty US Army servicemember Alexander Paul Travis helped North Korean IT workers infiltrate 136 US companies by providing his identity, taking drug tests on their behalf, and operating laptop farms that make foreign workers appear to be based inside the United States.
North Korean IT Workers Used Laptop Farms To Enter U.S. Companies
Travis, age 34, pleaded guilty on November 14 to wire fraud conspiracy. Prosecutors said he provided his identity to North Korean IT workers between 2019 and 2022 and hosted company laptops in his home so the workers appeared to log in from US locations. DOJ filings stated he earned $51,000.
Three other US citizens pleaded guilty in related conduct. Audricus Phagnasay, age 24, Jason Salazar, age 30, and Erick Ntekereze Prince, age 38, admitted providing their identities and hosting laptops linked to company-issued equipment. DOJ filings said these laptops included unauthorized remote access tools that allowed overseas workers to control the devices.
Phagnasay received $3,450 and Salazar received $4,500. Prosecutors said Travis and Salazar appeared in person for employer drug testing so North Korean workers could pass vetting requirements. According to the filings, workers using these identities collected $1.28 million dollars in salaries, with the funds transferred overseas.
Prince operated through a business registered as Taggcar Inc. Prosecutors said he supplied fraudulent IT workers to US companies from June 2020 to August 2024 and earned more than $89,000. DOJ filings stated he hosted multiple company laptops at residences in Florida while knowing the workers were based overseas.
Stolen Identities Helped North Korean Workers Infiltrate U.S. Firms
Ukrainian national Oleksandr Didenko, age 28, pleaded guilty on November 10 to wire fraud conspiracy and aggravated identity theft. DOJ filings noted he ran Upworksell.com, a website that sold stolen or borrowed US identities to overseas IT workers.
Beginning in 2021, North Korean IT workers used these identities to secure employment on US freelance platforms such as Upwork and Freelancer. Prosecutors said Didenko helped them infiltrate 40 companies. He agreed to forfeit $1.4 million.
DOJ filings said Didenko managed as many as 871 proxy identities and organized at least three laptop farms inside the United States. One farm was operated by Christina Marie Chapman in Arizona, who received an 8.5-year prison sentence in July 2025.
Part of Broader North Korean Revenue Activity
The guilty pleas aligned with the Department of Justice’s DPRK RevGen: Domestic Enabler Initiative, a program targeting North Korean revenue generation networks and their US-based facilitators. A 2022 joint advisory from the FBI, Treasury, and State Department warned that North Korean IT workers could earn up to $300,000 per year and collectively channel hundreds of millions of dollars to the North Korean government.
The FBI issued public notices in May 2024 and January 2025 describing data theft, extortion, and unauthorized access linked to North Korean remote IT workers using stolen identities, alias accounts, and proxy computers.
Prosecutors also referenced a separate case from January 2025 in which Prince, U.S. national Emanuel Ashtor, and Mexican national Pedro Ernesto Alonso De Los Reyes were indicted for helping North Korean IT workers obtain employment at more than 64 companies. That case involved $943,000 in earnings. Ashtor awaited trial and De Los Reyes remained in custody in the Netherlands pending extradition.
DOJ records said federal agents searched 29 known laptop farms across 16 states in June 2025 and seized hundreds of laptops, accounts, and websites.
Chain Street’s Take
Federal filings showed the infiltration succeeded through routine onboarding steps such as drug testing and home-hosted laptops. The confirmed 136 affected companies and 29 seized laptop farms indicated persistent vulnerabilities in remote-work verification processes across US firms.
