A U.S. federal court has sentenced a Ukrainian man to five years in prison for his role in a long-running identity theft operation that helped North Korean overseas workers obtain fraudulent jobs at dozens of U.S. companies.
U.S. prosecutors filed charges in 2024 against Oleksandr Didenko, 29, a resident of Kyiv, for setting up North Koreans with stolen identities of U.S. citizens to be hired and earn wages. Under this scheme, workers’ earnings were funneled back to Pyongyang, which the regime used to fund its internationally sanctioned nuclear weapons program.
This is the latest in a series of recent convictions of individuals involved in facilitating North Korea’s ongoing so-called “IT worker” programs. Security researchers have described North Korean operatives as a “triple threat” to US and Western businesses because they violate US sanctions while allowing the North Koreans to steal sensitive company data and later extort those victims not to divulge company secrets.
Prosecutors said Didenko ran a website called Upworksell that allowed people working overseas, including North Koreans, to buy or rent stolen identities to gain employment with American firms. Didenko processed more than 870 stolen identities, according to the Justice Department.
The FBI seized Upworksell in 2024 and redirected its traffic to its own servers. Polish authorities arrested Didenko, who was then extradited to the US and later confessed.
In a statement this week, the U.S. Department of Justice said Didenko also paid people to receive and host computers at their homes in California, Tennessee and Virginia. These “laptop farms” are rooms containing racks of open laptops that allow North Koreans to do their work remotely as if they were physically located in the United States.
Security giant CrowdStrike said last year it had seen a sharp increase in the number of North Korean operatives infiltrating companies, often as remote developers or other technical software engineering jobs. The scheme is one of many that the North Korean regime uses to enrich itself, although it cannot use the global financial system due to international sanctions.
North Koreans have also been known to pose as recruiters and VCs in an attempt to trick unsuspecting high-net-worth and high-net-worth victims into giving them access to their computers, including cryptocurrencies.