Ukrainian Man Sentenced to Five Years for North Korean IT Worker Scheme
A U.S. federal court has sentenced Oleksandr Didenko, 29, of Kyiv, to five years in prison for operating an identity theft scheme that enabled overseas North Korean workers to gain fraudulent employment at dozens of U.S. companies.
Didenko was sentenced to five years for facilitating the use of stolen U.S. identities by North Korean workers.
U.S. prosecutors charged Didenko in 2024 with setting up North Koreans with stolen identities of U.S. citizens to secure employment and earn wages. According to prosecutors, the workers’ earnings were funneled back to Pyongyang and used by the regime to fund its internationally sanctioned nuclear weapons program.
The conviction marks the latest in a series of cases involving individuals accused of facilitating North Korea’s so-called “IT worker” schemes. Security researchers have described North Korean workers as a “triple threat” to U.S. and Western businesses, citing sanctions violations, data theft risks, and extortion of victim companies.
Prosecutors said Didenko operated a website called Upworksell that allowed individuals working overseas, including North Koreans, to buy or rent stolen identities to obtain employment with U.S. firms. The Justice Department said Didenko handled more than 870 stolen identities.
Website Seizure and Extradition
The FBI seized Upworksell in 2024 and redirected its traffic to servers controlled by U.S. authorities. Polish officials arrested Didenko, who was extradited to the United States and later pleaded guilty.
In a statement this week, the U.S. Department of Justice said Didenko also paid individuals to receive and host computers in their homes in California, Tennessee, and Virginia. These locations functioned as “laptop farms,” described as rooms containing racks of open laptops.
Authorities said the setup allowed North Koreans to remotely perform work while appearing to operate from within the United States. Such arrangements can enable workers overseas to bypass employer verification processes that rely on domestic IP addresses and physical presence.
The case reflects a broader pattern in which North Korean nationals allegedly secure remote employment roles, particularly in software engineering and technical positions, while operating from abroad. The wages earned are then transferred back to the regime, according to U.S. prosecutors.
Security Risks and Broader Context
Security firm CrowdStrike reported last year a sharp increase in North Korean workers infiltrating companies, frequently posing as remote developers or other technical professionals. The firm noted that such workers often seek positions that grant access to sensitive systems and intellectual property.
Security researchers have warned that the schemes can expose companies to sanctions violations, intellectual property theft, and potential extortion. In some cases, workers allegedly exfiltrate sensitive data and later threaten public disclosure.
The U.S. government has long maintained that North Korea uses overseas labor schemes to generate revenue amid international sanctions that restrict access to the global financial system. According to the U.S. Department of Justice, these enforcement actions are part of broader efforts to disrupt sanctions evasion networks.
Prosecutors said Didenko’s operation facilitated fraudulent employment at dozens of U.S. companies by providing stolen identities and enabling remote access infrastructure. The Justice Department stated that Didenko handled more than 870 identities through the platform.
Beyond employment fraud, North Koreans have also been known to impersonate recruiters and venture capitalists in attempts to gain access to victims’ computers, including systems connected to cryptocurrency holdings. Such tactics have targeted high-profile and high-net-worth individuals, according to security researchers.
The sentencing of Didenko adds to a growing list of prosecutions tied to identity theft and sanctions evasion linked to North Korea’s overseas IT workforce programs. The five-year prison term concludes a case that began with charges in 2024 and culminated in extradition, a guilty plea, and sentencing in U.S. federal court.