A federal court in the United States has sentenced a Ukrainian individual to five years in prison for his involvement in a sophisticated identity theft operation. This scheme enabled North Korean workers to fraudulently secure jobs at numerous U.S. companies.
Oleksandr Didenko, a 29-year-old from Kyiv, was charged by U.S. prosecutors in 2024 for orchestrating a plan that provided North Koreans with stolen identities of American citizens. This illicit activity allowed them to gain employment and earn wages, which were subsequently sent back to North Korea to support its sanctioned nuclear weapons program.
This case is part of a broader crackdown on individuals facilitating North Korean "IT worker" schemes, which security experts have labeled a significant threat to Western businesses. These operations not only breach U.S. sanctions but also enable North Korean agents to steal sensitive corporate data and extort companies.
Didenko operated a website named Upworksell, where overseas workers, including North Koreans, could purchase or lease stolen identities to gain employment with U.S. firms. The Justice Department reported that he managed over 870 stolen identities.
In 2024, the FBI seized Upworksell, redirecting its traffic to their own servers. Didenko was arrested by Polish authorities and later extradited to the U.S., where he ultimately pleaded guilty.
According to the U.S. Department of Justice, Didenko also compensated individuals in California, Tennessee, and Virginia to host computers at their residences. These setups, referred to as "laptop farms," allowed North Koreans to perform their jobs remotely, simulating a physical presence in the United States.
Security firm CrowdStrike noted a significant uptick in North Korean workers infiltrating various companies, often taking on roles as remote developers or in technical positions. This scheme is one of many employed by the North Korean regime to generate revenue while circumventing international financial restrictions.
Additionally, North Korean operatives have been known to impersonate recruiters and venture capitalists, deceiving high-profile individuals into granting access to their computers and sensitive information.