Ukrainian Man Sentenced to Five Years for Involvement in North Korean Identity Theft Operation
A U.S. federal court has handed down a five-year prison sentence to Oleksandr Didenko, a Ukrainian man residing in Kyiv, for his role in a sophisticated identity theft scheme that facilitated fraudulent employment for North Korean workers at numerous U.S. companies. The operation, aimed at funneling earnings back to Pyongyang to support its illicit nuclear weapons program, involved the use of stolen identities of U.S. citizens to secure jobs for overseas workers.
The prosecution of Didenko in 2024 marked a significant development in the ongoing efforts to dismantle networks enabling North Korean workers to engage in unlawful activities abroad. These workers, often referred to as “IT workers,” pose a serious threat to U.S. and Western businesses by violating sanctions, stealing sensitive data, and engaging in extortion tactics against victim companies.
Didenko operated a website called Upworksell, where individuals, including North Koreans, could purchase or rent stolen identities to secure employment with American firms. According to the Justice Department, Didenko managed over 870 stolen identities through the platform.
Following the FBI’s seizure of Upworksell and Didenko’s subsequent arrest by Polish authorities, he was extradited to the U.S. where he pleaded guilty to the charges. The Justice Department revealed that Didenko also paid individuals to house and operate laptops in California, Tennessee, and Virginia, creating “laptop farms” that allowed North Korean workers to remotely conduct their activities as if they were physically present in the United States.
Security experts, including CrowdStrike, have noted a rise in the infiltration of North Korean workers into companies, often posing as developers or technical professionals. These illicit activities are part of the North Korean regime’s efforts to circumvent international sanctions and generate revenue through illegal means.
In addition to identity theft and employment scams, North Korean operatives have been known to engage in impersonation schemes targeting high-profile individuals and organizations to gain access to sensitive information, including cryptocurrency assets.
