Ukrainian man jailed for identity theft that helped North Koreans get jobs at US companies

Source: TechCrunch

Sentencing Overview

A U.S. federal court sentenced a Ukrainian man to five years in prison for his role in a long‑running identity‑theft operation that helped overseas North Korean workers obtain fraudulent employment at dozens of U.S. companies.

U.S. prosecutors brought charges in 2024 against Oleksandr Didenko, 29, a resident of Kyiv, for setting up North Koreans with stolen identities of U.S. citizens so they could be hired and earn wages. The workers’ earnings were funneled back to Pyongyang, where the regime used the funds to support its internationally sanctioned nuclear weapons program.

Background

This conviction is the latest in a string of recent cases involving individuals who facilitated North Korean “IT worker” schemes. Security researchers describe North Korean workers as a “triple threat” to U.S. and Western businesses: they violate U.S. sanctions, enable the theft of sensitive company data, and later extort victim companies into keeping breaches confidential.

Operation Details

• Didenko ran a website called Upworksell, which allowed people working overseas—including North Koreans—to buy or rent stolen identities for gaining employment with U.S. firms.
• The Justice Department reported that Didenko handled more than 870 stolen identities.
• The FBI seized Upworksell in 2024 and redirected its traffic to its own servers.

Screenshot showing Upworksell’s website at the time it was seized by the FBI. (Image: TechCrunch/screenshot)

Law Enforcement Action

Polish authorities arrested Didenko, who was then extradited to the United States and later pleaded guilty. In a statement, the U.S. Department of Justice noted that Didenko also paid individuals to receive and host computers at their homes in California, Tennessee, and Virginia. These “laptop farms” consisted of rooms containing racks of open laptops, allowing North Korean workers to remotely perform their tasks as if they were physically in the United States.

Impact and Broader Context

• Security giant CrowdStrike reported a sharp rise in the number of North Korean workers infiltrating companies, often as remote developers or other technical software‑engineering roles.
• The scheme is one of many the North Korean regime uses to enrich itself while being cut off from the global financial system due to international sanctions.
• North Koreans are also known to impersonate recruiters and venture capitalists to trick high‑profile victims into granting access to their computers, including for cryptocurrency theft.

Related References

• Charges and seizures brought in fraud scheme aimed at denying revenue to workers associated with North Korea (DOJ)
• Five people plead guilty to helping North Koreans infiltrate U.S. companies as remote IT workers (TechCrunch)
• North Korean hackers have stolen billions in crypto by posing as VCs, recruiters, and IT workers (TechCrunch)
• North Korean “IT worker” schemes (TechCrunch)
• Ukrainian national sentenced for laptop‑farm scheme that generated income for North Korean IT workers (DOJ)
• CrowdStrike on rise of North Korean remote workers infiltrating companies (TechCrunch)