Ukrainian individual imprisoned for identity fraud that assisted North Koreans in obtaining employment at American corporations

A federal court in the U.S. has imposed a five-year prison sentence on a Ukrainian individual for involvement in a prolonged identity theft scheme that enabled North Korean workers abroad to unlawfully secure jobs at numerous U.S. businesses.

In 2024, U.S. prosecutors filed charges against Oleksandr Didenko, 29, a Kyiv resident, for arranging employment for North Koreans using the stolen identities of U.S. citizens to obtain job positions and salaries. Earnings from this operation were sent back to Pyongyang, where the regime allocated them to its sanctioned nuclear weapons initiatives.

This case adds to a sequence of recent convictions of individuals linked to facilitating ongoing “IT worker” schemes associated with North Korea. Security analysts have labeled North Korean workers as a “triple threat” to businesses in the U.S. and the West, as they breach U.S. sanctions, help North Koreans in stealing sensitive information from companies, and subsequently threaten those corporations into secrecy regarding their proprietary information.

According to prosecutors, Didenko operated a site called Upworksell, which permitted overseas individuals, including North Koreans, to purchase or rent stolen identities for employment opportunities with U.S. corporations. The Justice Department reported that Didenko managed over 870 stolen identities.

The FBI took control of Upworksell in 2024 and redirected its traffic to their servers. Polish law enforcement apprehended Didenko, who was extradited to the U.S. and eventually admitted guilt.

Upsellwork's website, at the time of its seizure by the FBI in 2024. — A screenshot displaying Upworksell’s website at the moment of its seizure by the FBI (ImagE: TechCrunch/screenshot)

In a recent statement, the U.S. Department of Justice revealed that Didenko also compensated individuals to accept and maintain computers in their residences in California, Tennessee, and Virginia. These “laptop farms” consist of rooms equipped with racks of operational laptops, allowing North Koreans to carry out their tasks as though they were physically in the United States.

CrowdStrike, a leading security firm, indicated last year that there has been a significant increase in the influx of North Korean workers infiltrating businesses, frequently in the roles of remote developers or other technical software engineering positions. This operation is one of the many strategies the North Korean regime employs to enhance its resources while barred from utilizing the global financial system due to international sanctions.

North Koreans have also been known to pose as recruiters and venture capitalists in attempts to deceive unaware high-profile and high-net-worth targets into providing access to their computers, including cryptocurrency assets.