Ukrainian man jailed for identity theft that helped North Koreans get jobs at US companies

A U.S. federal court has sentenced a Ukrainian man to five years in prison for his role in a long-running identity theft operation that helped North Korean workers abroad obtain fraudulent jobs at dozens of U.S. companies.

U.S. prosecutors charged Oleksandr Didenko, 29, a resident of Kyiv, in 2024. Authorities said he helped set up North Korean workers with stolen identities belonging to U.S. citizens so they could get hired, earn wages, and then funnel those earnings back to Pyongyang. Prosecutors said the North Korean regime used the proceeds to support its internationally sanctioned nuclear weapons program.

The case is the latest in a series of convictions involving people accused of facilitating North Korea’s so-called “IT worker” schemes. Security researchers have described the operations as a “triple threat” to U.S. and Western businesses because they can involve sanctions violations, theft of sensitive corporate data, and later extortion attempts aimed at preventing public disclosure of stolen information.

Prosecutors said Didenko operated a website called Upworksell, which allowed overseas workers — including North Koreans — to buy or rent stolen U.S. identities to secure jobs at American companies. The Justice Department said Didenko handled more than 870 stolen identities as part of the scheme.

The FBI seized Upworksell in 2024 and redirected its traffic to government-controlled servers. Polish authorities later arrested Didenko, after which he was extradited to the United States and ultimately pleaded guilty.

In a statement this week, the U.S. Department of Justice said Didenko also paid people to receive and host computers at their homes in California, Tennessee, and Virginia. These setups, known as “laptop farms,” are spaces filled with racks of open laptops that allow North Korean workers to remotely carry out jobs while appearing to be physically located in the United States.

Cybersecurity firm CrowdStrike said last year it observed a sharp increase in North Korean workers infiltrating companies, often posing as remote developers or taking other technical roles. The operation is one of several methods North Korea uses to generate revenue while remaining cut off from the global financial system due to international sanctions.

North Korean actors have also been known to impersonate recruiters and venture capitalists in attempts to deceive high-profile targets into granting access to their computers, including those connected to cryptocurrency.