Ukrainian National Sentenced to 5 Years in North Korea IT Worker Fraud Case
Ukrainian National Sentenced to 5 Years in Prison for Role in Scheme to Defraud US Companies
A 29-year-old Ukrainian national has been sentenced to five years in prison in the United States for his role in facilitating a large-scale scheme to defraud American companies by using stolen identities to hire North Korean IT workers.
Background of the Scheme
Oleksandr Didenko, also known as Alexander, pleaded guilty to wire fraud conspiracy and aggravated identity theft in November 2025. He was arrested by Polish authorities in late 2024 and later extradited to the US.
How the Scheme Worked
Didenko’s scheme involved stealing the identities of US citizens and selling them to North Korean IT workers, who used them to apply for jobs at 40 US companies. The workers were then able to draw regular salaries, which were funneled back to the North Korean regime to support its weapons programs.
To carry out the scheme, Didenko operated a website called Upworksell.com, which allowed overseas IT workers to buy or rent stolen or borrowed identities. He also paid individuals in the US to receive and host laptops at their residences, giving the impression that the workers were located in the country when they were actually connecting remotely from China and other locations.
Scope of the Scheme
Didenko managed as many as 871 proxy identities and facilitated the operation of at least three US-based laptop farms. One of the laptops was sent to a laptop farm run by Christina Marie Chapman, who was arrested in May 2024 and sentenced to 102 months in prison in July 2025 for participating in the scheme.
Financial Impact
Didenko’s clients were paid hundreds of thousands of dollars for their work, which was funneled into the North Korean regime’s coffers through money service transmitters. This allowed the regime to access the US financial system without having to open a bank account in the US.
US Attorney Jeanine Ferris Pirro stated that Didenko’s scheme “funneled money from Americans and US businesses into the coffers of North Korea, a hostile regime.” She added that the scheme was part of a larger effort by North Korea to infiltrate American companies and steal sensitive information.
Continued Threat
Despite law enforcement efforts to disrupt the scheme, it continues to evolve and adapt. According to a recent report from threat intelligence firm Security Alliance, North Korean IT workers have begun using real accounts of individuals they are impersonating to apply for remote positions, making their fraudulent applications appear more authentic.
Sentence and Restitution
Didenko has been ordered to serve 12 months of supervised release and to pay $46,547.28 in restitution. He has also agreed to forfeit more than $1.4 million, including $181,438 in US dollars and cryptocurrency seized from him and his co-conspirators.
About Author
English