Ukrainian Man Jailed for Identity Theft Scheme That Funneled Jobs to North Korean IT Workers
A Ukrainian national from Kyiv has been sentenced to five years in U.S. federal prison for running an identity theft operation that enabled North Korean workers to secure remote jobs at dozens of American companies, channeling salaries back to Pyongyang’s sanctioned nuclear program.[1][2][7]
Oleksandr Didenko’s Guilty Plea and Sentence
Oleksandr Didenko, 29, also known as “Alexander Didenko,” pleaded guilty in November 2025 to charges of wire fraud conspiracy and aggravated identity theft before U.S. District Judge Randolph D. Moss.[2][3][7] On February 20, 2026, he received a 60-month prison sentence, plus 12 months of supervised release and orders to pay $46,547.28 in restitution.[2][7] Authorities also seized over $1.4 million from him and co-conspirators, including $181,438 in U.S. dollars and cryptocurrency.[2]
Didenko’s scheme operated from early 2021, managing as many as 871 stolen or proxy identities of U.S. citizens.[1][2] He ran a website called Upworksell.com, which allowed overseas workers—including North Koreans—to buy or rent these identities for job applications on freelance platforms based in California and Pennsylvania.[1][2] The site was seized by the FBI on May 16, 2024, with its traffic redirected to government servers.[1][2]
Polish authorities arrested Didenko in late 2024, leading to his extradition to the United States.[1][2] U.S. Attorney Jeanine Ferris Pirro described the operation starkly: “Defendant Didenko’s scheme funneled money from Americans and U.S. businesses, into the coffers of North Korea, a hostile regime.”[2] She emphasized North Korea as “an enemy within,” with stolen data harming businesses and funds supporting munitions programs.[2]
The “Laptop Farms” and Remote Work Deception
A key element of the fraud involved laptop farms—rooms in U.S. residences stocked with racks of open laptops to simulate physical presence in America.[1][2][7] Didenko paid individuals in California, Tennessee, Virginia, and Arizona to host these setups, allowing North Korean workers in countries like China to connect remotely.[1][2]
One notable case linked to Christina Marie Chapman in Arizona, who received computers for a laptop farm. Chapman was arrested in May 2024 and sentenced to 102 months in prison in July 2025 for her role.[2] Didenko facilitated at least three such farms, enabling workers to pose as U.S.-based employees.[2]
North Korean operatives used these identities and setups to land remote developer and software engineering roles at over 40 U.S. companies.[2][4] Earnings, totaling hundreds of thousands of dollars, were routed through Money Service Businesses (MSBs) to foreign accounts, bypassing U.S. banks restricted by sanctions.[2]
North Korea’s Broader IT Worker Threat
This conviction is part of a crackdown on North Korea’s “IT worker” schemes, labeled a “triple threat” by security researchers: sanctions violations, data theft, and extortion of victim companies.[1] Threat intelligence firm CrowdStrike reported a sharp rise in infiltrations last year, often in technical roles.[1]
Despite enforcement, the operations evolve. A recent Security Alliance (SEAL) report noted North Koreans now using real LinkedIn profiles of impersonated individuals for authenticity in remote job hunts.[2] Pyongyang employs these tactics to evade global sanctions, funding its nuclear ambitions amid isolation from the financial system.[1][2]
The regime also impersonates recruiters and venture capitalists to access high-net-worth targets’ systems, including cryptocurrency wallets.[1]
Law Enforcement Wins and Ongoing Risks
The U.S. Department of Justice highlighted Didenko’s case as a blow to these networks, following guilty pleas from others like a Tennessee man in related hacks.[3][7] The FBI’s seizure of Upworksell disrupted a major identity marketplace.[1]
Yet, experts warn the schemes persist with adaptive tactics.[2] Companies face risks of insider threats: stolen proprietary data, licensing info, and trade secrets that North Koreans exploit or leverage for silence.[1][2]
Protecting Businesses from IT Worker Fraud
To counter this:
- Vet remote hires rigorously: Cross-check LinkedIn, IP addresses, and video interviews for inconsistencies.[1][2]
- Monitor laptop and network activity: Flag anomalous remote access patterns mimicking U.S. locations.[1]
- Enhance identity verification: Use multi-factor checks beyond resumes for freelance platforms.[2]
- Report suspicions: Collaborate with FBI and cybersecurity firms like CrowdStrike.[1]
U.S. prosecutors stress awareness: North Korean actors “are infiltrating American companies, stealing information… that is harmful to any business.”[2] As remote work booms, diligence is crucial.
Didenko’s sentencing underscores international resolve against state-sponsored cybercrime. While one operator is jailed, vigilance remains essential to starve North Korea’s illicit revenue streams.[1][7]
(Word count: 812)
Original source: TechCrunch – Ukrainian man jailed for identity theft that helped North Koreans get jobs at US companies