A U.S. federal court has sentenced a Ukrainian man to five years in prison for his role in an identity theft operation that enabled North Korean workers to obtain fraudulent jobs at U.S. companies and send earnings back to Pyongyang, according to U.S. prosecutors.
The Charges And The Scheme
Prosecutors said Oleksandr Didenko, 29, a resident of Kyiv, was charged in 2024 for setting up North Korean workers with stolen identities of U.S. citizens so they could be hired by American firms. Under the arrangement, the wages earned through those jobs were sent back to North Korea, where the government used the money to support its nuclear weapons program, which is subject to international sanctions.
U.S. officials described the case as part of a wider effort to disrupt what they call North Korean “IT worker” schemes. Security researchers have said these workers pose a “triple threat” to U.S. and Western companies by violating sanctions, enabling theft of sensitive company data, and later using that access to extort victim companies.
Upworksell And Stolen Identities
Prosecutors said Didenko operated a website called Upworksell. The site allowed people working overseas, including North Koreans, to buy or rent stolen U.S. identities to obtain jobs at American companies. The U.S. Department of Justice said Didenko handled more than 870 stolen identities.
The FBI seized the Upworksell website in 2024 and redirected its traffic to government-controlled servers. Polish authorities later arrested Didenko. He was extradited to the United States and pleaded guilty.
Laptop Farms And Remote Access
In a statement this week, the Justice Department said Didenko also paid people to receive and host computers in their homes in California, Tennessee, and Virginia. These locations, described as “laptop farms,” consisted of rooms with racks of open laptops. The setup allowed North Korean workers to connect remotely and perform their jobs as if they were physically based in the United States.
Broader Context Of The Activity
Security firm CrowdStrike said last year that it has seen a sharp increase in North Korean workers infiltrating companies, often in remote developer or other technical software roles. U.S. officials have said the practice is one of several methods the North Korean government uses to generate revenue while being cut off from much of the global financial system due to sanctions.
Authorities have also said North Korean operators impersonate recruiters and venture capital investors in attempts to trick targets into granting access to their computers, including systems tied to cryptocurrency.
Featured image credits: rawpixel.com
For more stories like it, click the +Follow button at the top of this page to follow us.