A US federal court has sentenced a Ukrainian man to five years in prison for his involvement in a long-running identity theft operation that helped North Korean workers overseas get illegal jobs at dozens of US companies.
In 2024, U.S. prosecutors filed charges against Oleksandr Didenko, 29, a Kiev resident, for helping North Koreans using stolen identities of U.S. citizens to apply for jobs and get paid. The scheme took the workers’ earnings to Pyongyang, where the regime used them to fund its nuclear programme, which is subject to international sanctions.
This is the latest in a string of recent convictions of individuals involved in facilitating North Korea’s so-called “IT worker” schemes. Security researchers have described North Korean workers as a “triple threat” to U.S. and Western businesses because they violate U.S. sanctions by allowing North Koreans to steal sensitive company data and then demanding that those victim companies not divulge corporate secrets.
Prosecutors said Didenko operated a website called Upworksell that allowed people working overseas, including North Koreans, to buy or rent stolen identities to work for U.S. firms. Didenko operated with more than 870 stolen identities, according to the Justice Department.
The FBI removed Upworksell in 2024 and redirected its traffic to its own servers. Polish authorities arrested Didenko, who was then extradited to the US, where he later pleaded guilty.
In a statement released this week, the US Department of Justice said Didenko also paid people to host and place computers in their homes in California, Tennessee and Virginia. These “laptop farms” are rooms with racks of open laptops, allowing North Koreans to remotely do their work as if they were physically in the US.
Security giant CrowdStrike said last year that it has seen a sharp rise in the number of North Korean employees infiltrating companies, often as remote developers or other software technicians. The scheme is one of many that the North Korean regime uses to enrich itself, unable to tap into the global financial system because of international sanctions.
North Koreans have also been known to pose as recruiters and venture capitalists in an attempt to trick unsuspecting high-ranking and wealthy victims into gaining access to their computers, including cryptocurrency.