A U.S. federal court has sentenced a Ukrainian man to five years in prison for his part in a long-running identity theft operation. The scheme helped overseas North Korean workers gain fraudulent employment at dozens of U.S. companies.
U.S. prosecutors brought charges in 2024 against Oleksandr Didenko, a 29-year-old resident of Kyiv. He was accused of setting up North Koreans with stolen identities of U.S. citizens to get hired and earn a wage. Under this scheme, the workers’ earnings were funneled back to Pyongyang, where the regime used the money to fund its internationally sanctioned nuclear weapons program.
This is the latest in a string of recent convictions of individuals involved in facilitating ongoing North Korean so-called “IT worker” schemes. Security researchers have described North Korean workers as a “triple threat” to U.S. and Western businesses. They violate U.S. sanctions, enable the theft of sensitive company data, and later extort those victim companies to prevent the public release of corporate secrets.
Prosecutors said Didenko ran a website called Upworksell, which allowed people working overseas, including North Koreans, to buy or rent stolen identities for gaining employment with U.S. firms. The Justice Department stated that Didenko handled more than 870 stolen identities.
The FBI seized the Upworksell website in 2024 and diverted its traffic to its own servers. Polish authorities arrested Didenko, who was then extradited to the U.S. and later pleaded guilty.
In a statement this week, the U.S. Department of Justice said Didenko also paid people to receive and host computers at their homes in California, Tennessee, and Virginia. These “laptop farms” are rooms containing racks of open laptops, allowing North Koreans to remotely perform their work as if they were physically in the United States.
Security giant CrowdStrike said last year that it has seen a sharp rise in the number of North Korean workers infiltrating companies, often as remote developers or in other technical software engineering roles. The scheme is among many that the North Korean regime uses to enrich itself while being unable to use the global financial system due to international sanctions.
North Koreans are also known to impersonate recruiters and venture capitalists in efforts to trick unsuspecting high-profile and high-net-worth victims into granting access to their computers, including cryptocurrency accounts.