Last updated 1 month ago
The United States Government was targeted by a North Korean fraudulent IT worker scheme that compromised the identities of US citizens. The attack involved identity theft and social engineering to bypass US sanctions and employment restrictions, allowing North Korean IT workers to obtain remote positions with US companies while concealing their true location and nationality. The scheme specifically targeted the US employment verification system to infiltrate American organizations.
The confirmed attack chain began with the theft of US citizen identities, which were then sold to North Korean IT workers. These workers used the stolen identities to apply for and secure remote IT positions with US companies, falsely representing themselves as US-based contractors. The exfiltrated data included personally identifiable information sufficient to bypass employment verification checks, though specific data types beyond identity information were not detailed in available reporting.
The US Department of Justice prosecuted Ukrainian national Oleksandr Didenko for his role in facilitating the scheme, resulting in a five-year prison sentence following his November 2025 guilty plea to wire fraud conspiracy and aggravated identity theft charges. The case represents a significant enforcement action against individuals enabling North Korea's sanctions evasion through fraudulent employment practices targeting the US technology sector.
Identity theft and fraudulent IT worker scheme to bypass US sanctions and employment restrictions
This breach demonstrates critical failures in identity verification and remote worker vetting processes within US government contractor systems. The successful infiltration by North Korean IT workers using stolen identities highlights inadequate employment screening controls and insufficient validation of worker location and nationality claims. Organizations must implement multi-factor identity verification, continuous location monitoring, and enhanced background checks for remote contractors, particularly when dealing with sensitive government contracts.