Ukrainian man jailed for identity theft that helped North Koreans get jobs at US companies

A U.S. federal court has handed down a five-year prison sentence to a Ukrainian national for orchestrating a sophisticated identity theft scheme that enabled North Korean operatives to infiltrate dozens of American companies under false pretenses. The case, which prosecutors say funneled illicit earnings back to Pyongyang to fund its banned nuclear weapons program, marks the latest in a series of high-profile convictions targeting networks that help North Korean workers bypass U.S. sanctions.

Oleksandr Didenko, 29, a resident of Kyiv, was sentenced after pleading guilty to running Upworksell, a covert online marketplace that sold or rented stolen U.S. identities to overseas workers—including operatives from North Korea. According to the U.S. Department of Justice, Didenko managed over 870 stolen identities, which were used to secure remote employment with American firms. The operation allowed North Korean workers to pose as U.S.-based professionals, collecting salaries that were ultimately redirected to support Pyongyang’s weapons programs.

The scheme is part of a broader, ongoing effort by North Korea to circumvent international sanctions and generate revenue through illicit means. Security researchers have labeled North Korean IT workers a “triple threat” to Western businesses: they violate sanctions, steal sensitive corporate data, and later attempt to extort victims by threatening to leak proprietary information.

In addition to running the identity marketplace, Didenko facilitated the creation of so-called “laptop farms” across California, Tennessee, and Virginia. These setups involved recruiting individuals to host racks of open laptops in their homes, creating the illusion that remote workers were physically present in the United States. This tactic helped North Korean operatives evade detection during video interviews and maintain the appearance of legitimate U.S.-based employment.

The FBI seized Upworksell in 2024, redirecting its web traffic to agency servers. Polish authorities arrested Didenko, who was subsequently extradited to the United States. His guilty plea and sentencing follow a string of similar convictions in recent months, underscoring the scale and persistence of North Korea’s employment infiltration schemes.

Cybersecurity firm CrowdStrike reported a sharp increase last year in the number of North Korean workers penetrating companies, often posing as remote developers or other technical roles. These infiltrations are part of a multi-pronged strategy by Pyongyang to exploit the global remote work boom and access the international financial system despite heavy sanctions.

North Korean operatives have also been known to impersonate recruiters and venture capitalists, targeting high-net-worth individuals and cryptocurrency firms to gain unauthorized access to sensitive systems. The combination of identity theft, remote work exploitation, and social engineering makes these operations particularly difficult to detect and disrupt.

The case highlights the growing intersection of cybercrime, economic sanctions evasion, and state-sponsored espionage, as well as the challenges faced by companies in verifying the true identities and locations of remote workers in an increasingly digital and borderless economy.

—

Tags: North Korean IT workers, identity theft, sanctions evasion, laptop farms, Upworksell, Oleksandr Didenko, CrowdStrike, cybersecurity, remote work infiltration, nuclear funding, FBI seizure, international sanctions, corporate espionage, data theft, extortion, crypto scams, venture capital impersonation, state-sponsored cybercrime, U.S. Department of Justice, extradition, triple threat, global financial system, remote developers, stolen identities, Pyongyang regime, cyber infiltration, economic warfare, digital deception, remote workforce security.,