A 29-year-old Ukrainian national has been sentenced to five years in prison in the U.S. for his role in facilitating North Korea’s fraudulent information technology (IT) worker scheme.
In November 2025, Oleksandr “Alexander” Didenko pleaded guilty to wire fraud conspiracy and aggravated identity theft for stealing the identities of U.S. citizens and selling them to IT workers to help them land jobs at 40 U.S. companies and draw regular salaries, which were then funneled back to the regime to support its weapons programs. He was apprehended by Polish authorities in late 2024, and later extradited to the U.S.
Didenko has also been ordered to serve 12 months of supervised release and to pay $46,547.28 in restitution. Last year, Didenko also agreed to forfeit more than $1.4 million, which includes about $181,438 in U.S. dollars and cryptocurrency seized from him and his co-conspirators.
The defendant is said to have run a website named Upworksell[.]com to help overseas IT workers buy or rent stolen or borrowed identities since the start of 2021. The IT workers abused these identities to apply for jobs on freelance work platforms based in California and Pennsylvania. The site was seized by authorities on May 16, 2024.
In addition, Didenko paid individuals in the U.S. to receive and host laptops at their residences in Virginia, Tennessee and California. The idea was to give the impression that the workers were located in the country, when, in reality, they were connecting remotely from countries like China, where they were dispatched to.
As part of the criminal scheme, Didenko managed as many as 871 proxy identities and facilitated the operation of at least three U.S.-based laptop farms. One of the computers was sent to a laptop farm run by Christina Marie Chapman in Arizona. Chapman was arrested in May 2024 and sentenced to 102 months in prison in July 2025 for participating in the scheme.
Furthermore, he enabled his North Korean clients to access the U.S. financial system through Money Service Transmitters instead of having to open an account at a bank within the U.S. These money transfer services were used to move employment income to foreign bank accounts. Officials said Didenko’s clients were paid hundreds of thousands of dollars for their work.
“Defendant Didenko’s scheme funneled money from Americans and U.S. businesses, into the coffers of North Korea, a hostile regime,” said U.S. Attorney Jeanine Ferris Pirro. “Today, North Korea is not only a threat to the homeland from afar, it is an enemy within.”
“By using stolen and fraudulent identities, North Korean actors are infiltrating American companies, stealing information, licensing, and data that is harmful to any business. But more than that, money paid to these so-called employees goes directly to munitions programs in North Korea.”
Despite continued law enforcement actions, the Hermit Kingdom’s conspiracy shows no signs of stopping. If anything, the operation has continued to evolve with new tactics and techniques to evade detection.
According to a report from threat intelligence firm Security Alliance (SEAL) last week, the IT workers have begun to apply for remote positions using real LinkedIn accounts of individuals they’re impersonating in an effort to make their fraudulent applications look authentic.
