A U.S. federal court has sentenced a Ukrainian man to five years in prison for his role in a long-running identity theft operation that helped North Korean overseas workers obtain fraudulent employment at dozens of U.S. companies.
US Attorneys indicted in 2024 against Oleksandr Didenko, 29, of Kyiv, for setting up North Koreans with stolen US citizen identities to be hired and earn a salary. Under this plan, workers’ profits were funneled back to Pyongyang, which the regime used to finance its internationally sanctioned nuclear weapons program.
This is the latest in a series of recent convictions of people involved in facilitating the ongoing schemes of North Korea’s so-called “IT workers.” Security researchers have described North Korean workers as a “triple threat” to US and Western businesses as they violate US sanctions, enabling the North Koreans to steal sensitive corporate data and then blackmail those victim companies into not releasing corporate secrets.
Prosecutors said Didenko ran a website called Upworksell that allowed people working abroad, including North Koreans, to buy or rent stolen identities to get jobs at American companies. Didenko handled more than 870 stolen identities, according to the Justice Department.
The FBI seized Upworksell in 2024 and funneled its traffic to its own servers. Polish authorities arrested Didenko, who was then extradited to the US and later pleaded guilty.
In a statement this weekthe US Department of Justice said Didenko also paid people to receive and host computers at their homes in California, Tennessee and Virginia. These “laptop farms” are rooms containing shelves of open laptops, allowing North Koreans to perform their work remotely as if they were physically in the United States.
Security giant CrowdStrike said last year it had seen a sharp increase in the number of North Korean workers infiltrating companies, often as remote programmers or other technical software engineering jobs. The plan is among many that the North Korean regime is using to enrich itself, while being unable to use the global financial system thanks to international sanctions.
North Koreans have also been known to pose as recruiters and VCs in attempts to trick unsuspecting high-profile, high-net-worth victims into giving up access to their computers, including cryptocurrencies.
