A Ukrainian man has been jailed for identity theft for helping North Koreans get jobs at American companies

A Ukrainian man has been sentenced to five years in prison by a US federal court for his role in a long-running identity theft scheme that helped North Korean workers abroad obtain fraudulent jobs at dozens of US companies.

US prosecutors filed charges in 2024 against Kiev resident Oleksandr Didenko, 29, on charges of deceiving North Koreans with stolen identities of US citizens to obtain work and earn a wage. Under this scheme, workers’ profits were transferred to Pyongyang, which the regime used to finance an internationally sanctioned nuclear weapons programme.

This is the latest in a series of recent convictions of individuals involved in facilitating so-called “IT worker” schemes underway in North Korea. Security researchers have described North Korean workers as a “triple threat” to US and Western companies, because they violate US sanctions while simultaneously enabling the North Koreans to steal sensitive company data and later blackmail those victim companies into not disclosing company secrets publicly.

Prosecutors said Didenko ran a website called Upworksell, which allowed people working abroad, including North Koreans, to buy or rent stolen identities to get work at American companies. Didenko handled more than 870 stolen identities, according to the Department of Justice.

The FBI seized Upworksell in 2024 and diverted its traffic to its own servers. Polish authorities arrested Didenko, who was later extradited to the United States and later pleaded guilty.

In a statement this week, the US Department of Justice said Didenko also paid people to receive and host computers in their homes in California, Tennessee and Virginia. These “laptop farms” are rooms with racks of open laptops, allowing North Koreans to do their work remotely as if they were physically in the United States.

Security giant CrowdStrike said last year that it had seen a sharp rise in the number of North Korean workers infiltrating companies, often as remote developers or other technical software engineering jobs. This scheme is among many that the North Korean regime uses to enrich itself, while it is unable to use the global financial system, thanks to international sanctions.

North Koreans have also been known to impersonate recruitment and venture capital firms in an attempt to trick high-profile victims and unsuspecting high-net-worth individuals into giving them access to their computers, including cryptocurrencies.