Ukrainian man jailed for identity theft that helped North Koreans get jobs at US companies

Source: TechCrunch

Background

A U.S. federal court sentenced Ukrainian national Oleksandr Didenko, 29, of Kyiv, to five years in prison for his role in a long‑running identity‑theft operation that enabled overseas North Korean workers to obtain fraudulent employment at dozens of U.S. companies. The scheme funneled the workers’ earnings back to Pyongyang, where the regime used the funds to support its internationally sanctioned nuclear weapons program.

Operation Details

• Website: Didenko operated a site called Upworksell, which allowed individuals abroad—including North Koreans—to buy or rent stolen U.S. identities for the purpose of gaining employment with U.S. firms.
• Scale: The Justice Department reported that Didenko handled more than 870 stolen identities.
• Laptop farms: According to a DOJ statement, Didenko also paid people to receive and host computers in homes across California, Tennessee, and Virginia. These “laptop farms” consisted of rooms filled with racks of open laptops, enabling North Korean workers to perform remote work as if they were physically in the United States.

The FBI seized Upworksell in 2024, redirected its traffic to FBI servers, and coordinated with Polish authorities to arrest Didenko. He was subsequently extradited to the United States and pleaded guilty.

Legal Action

• Charges: U.S. prosecutors brought charges in 2024, citing the scheme’s role in violating sanctions and funding North Korea’s nuclear program.
• Sentencing: Didenko received a five‑year prison sentence.

The case follows a series of recent convictions related to North Korean “IT worker” schemes, which security researchers describe as a “triple threat” to U.S. and Western businesses: they breach sanctions, facilitate data theft, and enable extortion of victim companies.

Broader Impact

• Industry response: Security firm CrowdStrike reported a sharp increase in North Korean workers infiltrating companies as remote developers or technical staff.
• Recruiter impersonation: North Korean actors also impersonate recruiters and venture capitalists to trick high‑profile victims into granting computer access, including for cryptocurrency theft.

References

• Charges and seizures brought in fraud scheme aimed at denying revenue to workers associated with North Korea (DOJ)
• Five people plead guilty to helping North Koreans infiltrate U.S. companies as remote IT workers (TechCrunch)
• North Korean hackers have stolen billions in crypto by posing as VCs, recruiters, and IT workers (TechCrunch)
• DOJ statement on Ukrainian national sentenced for laptop‑farm scheme (DOJ)
• CrowdStrike on rise of North Korean remote workers (TechCrunch)