A Ukrainian man has been sentenced to five years in a US federal prison for orchestrating a sophisticated identity theft scheme that helped North Korean workers gain fraudulent employment at American companies. Oleksandr Didenko, 29, from Kyiv, was sentenced this week after pleading guilty to charges brought by US prosecutors in 2024.

Didenko's operation, which ran a website called Upworksell, facilitated the sale or rental of stolen US identities to overseas workers, including North Koreans. The wages earned through these fake identities were then funnelled back to the North Korean regime, providing funds for its internationally sanctioned nuclear weapons programme.

A 'Triple Threat' to Businesses

Security researchers have described such North Korean "IT worker" schemes as a "triple threat" to Western companies. They violate US sanctions, enable the theft of sensitive corporate data, and create opportunities for subsequent extortion. Didenko handled more than 870 stolen identities, according to the US Department of Justice.

"This case highlights the persistent threat posed by overseas facilitators who enable North Korea to evade sanctions and fund its unlawful weapons programmes," a Justice Department spokesperson stated this week.

International Operation and 'Laptop Farms'

The FBI seized the Upworksell website in 2024, redirecting its traffic to its own servers. Didenko was subsequently arrested by Polish authorities and extradited to the United States. Prosecutors revealed that Didenko also paid individuals to host "laptop farms"—rooms containing racks of open laptops—in California, Tennessee, and Virginia.

These setups allowed North Korean workers to remotely access the computers as if they were physically located in the US, further concealing their true locations and nationalities from employers.

Rising Infiltration and Broader Schemes

Security firm CrowdStrike reported a sharp increase in North Korean workers infiltrating companies, often posing as remote developers or software engineers. This employment fraud is one of several methods the isolated regime uses to generate revenue outside the global financial system.

Beyond fake employment, North Korean operatives are also known to impersonate recruiters and venture capitalists to trick high-profile individuals, including those in the cryptocurrency sector, into granting computer access.

The conviction is the latest in a series targeting individuals involved in facilitating North Korean IT worker schemes. US authorities continue to warn companies to enhance vetting procedures for remote hires, emphasising the national security and corporate espionage risks posed by such coordinated fraud.