Ukrainian National Sentenced to 5 Years for Aiding North Korean Espionage in US Businesses
Ukrainian National Sentenced to 5 Years for Helping North Korean IT Workers Infiltrate US Companies
A Ukrainian national, Oleksandr Didenko, has been sentenced to five years in prison for his role in a scheme that helped North Korean IT workers infiltrate US companies using stolen identities.
Didenko’s Crimes
Didenko, 39, of Kyiv, Ukraine, pleaded guilty to aggravated identity theft and wire fraud conspiracy in November 2025, after being arrested in Poland in May 2024.
As part of the scheme, Didenko stole the identities of hundreds of people, including US citizens, and sold them to overseas IT workers through an online platform.
These stolen identities were then used by North Korean remote workers to secure jobs with at least 40 US companies in California and Pennsylvania.
Didenko provided the North Koreans with at least 871 proxy identities and proxy accounts on three freelance IT hiring platforms.
The Scheme
The scheme also involved the operation of “laptop farms” in several countries, including the US, Ukraine, and Ecuador.
These laptop farms allowed the North Koreans to make it appear as though their devices were located in the US, making it easier for them to secure employment with US companies.
Threat Posed by North Korean Threat Actors
The FBI has been warning about the threat posed by North Korean threat actors impersonating US-based IT staff since at least 2023.
According to the FBI, North Korea maintains a large and well-organized army of IT workers who use stolen identities to secure employment with hundreds of American companies.
Actions Taken by US Authorities
In recent years, US authorities have taken several actions to disrupt these schemes.
In July 2024, 20 individuals and 8 companies were sanctioned, charged, or indicted in connection with North Korean IT worker schemes.
Additional sanctions were imposed in August 2025, targeting companies associated with these schemes operated by Russian and Chinese nationals.
Persistent Problem
The use of stolen identities and AI tools by North Korean threat actors to secure employment with US companies has been a persistent problem.
In December 2025, security researchers revealed that operatives from the Lazarus hacking group, also known as Famous Chollima or WageMole, had used these tactics to get hired by Fortune 500 companies.
Sentence and Forfeiture
Didenko’s sentence includes 60 months in prison, 12 months of supervised release, and the forfeiture of more than $1.4 million in cash and cryptocurrency.
A co-conspirator, Christina Marie Chapman, was sentenced to 102 months in prison in July 2025 for her role in the scheme.
“Didenko’s actions had created an unauthorized backdoor into the US job market and helped fund the regime of an adversary,” said James Barnacle, FBI’s Assistant Director in Charge of the New York Field Office.
The case highlights the ongoing threat posed by North Korean threat actors and the need for US companies to be vigilant in verifying the identities of their employees.
About Author
English