A Ukrainian national has been sentenced by a U.S. court to five years in prison for his involvement in a scheme aiding North Korean IT workers. This operation enabled the workers to commit identity theft and secure employment in American companies, redirecting the income to support North Korea’s weapons initiatives.
Details of the Fraudulent Scheme
In November 2025, Oleksandr Didenko, aged 29, admitted to conspiring to commit wire fraud and aggravated identity theft. He was responsible for acquiring and selling U.S. citizens’ identities to North Korean IT professionals, allowing them to obtain jobs at 40 different U.S. firms. The salaries from these jobs were redirected to bolster North Korea’s military capabilities. Didenko was captured in Poland in 2024 and subsequently extradited to the United States.
In addition to his prison sentence, Didenko will undergo 12 months of supervised release and must repay $46,547.28 in restitution. He also forfeited over $1.4 million, which included seized U.S. dollars and cryptocurrency connected to the fraud.
Operations and Tactics
Didenko managed a website, Upworksell[.]com, starting in 2021 to facilitate the illegal activities. The site provided stolen or borrowed identities for IT workers seeking freelance opportunities in California and Pennsylvania. U.S. authorities shut down the site in May 2024. Furthermore, Didenko orchestrated the use of U.S. residences to receive and host laptops, creating the illusion that the workers were based domestically while they operated from countries like China.
The scheme involved managing 871 proxy identities and establishing three U.S.-based laptop farms. One such farm was operated by Christina Marie Chapman in Arizona, who was arrested in 2024 and sentenced to over eight years in prison for her role.
Impact and Continued Threat
Through Money Service Transmitters, Didenko assisted his clients in accessing U.S. financial systems without needing to open domestic bank accounts. This facilitated the transfer of employment earnings to foreign banks. Authorities reported that these workers earned substantial amounts, which were funneled back to North Korea.
U.S. Attorney Jeanine Ferris Pirro remarked on the severity of the scheme, emphasizing how it funneled American resources into North Korea’s hostile regime. Despite ongoing law enforcement efforts, North Korea continues to refine its tactics, posing an evolving threat.
A recent report from Security Alliance (SEAL) highlighted that these IT workers are now leveraging genuine LinkedIn profiles of impersonated individuals to further legitimize their fraudulent job applications.
The persistent nature of these operations underscores the need for heightened vigilance and robust measures to combat such cyber threats.
