it

Ukrainian National Sentenced to 5 Years in North Korea IT Worker Fraud Case

Published: (February 20, 2026 at 04:52 AM EST)
3 min read
Source: The Hacker News

Source: The Hacker News

[Image: IT Worker Fraud]

Sentencing

A 29‑year‑old Ukrainian national, Oleksandr “Alexander” Didenko, was sentenced to five years in prison for facilitating North Korea’s fraudulent information‑technology (IT) worker scheme. The sentencing includes 12 months of supervised release and restitution of $46,547.28. Didenko also forfeited more than $1.4 million in cash and cryptocurrency seized from him and his co‑conspirators.

Background of the Scheme

  • In November 2025 Didenko pleaded guilty to wire‑fraud conspiracy and aggravated identity theft for stealing U.S. citizens’ identities and selling them to North Korean IT workers.
  • The stolen identities were used to obtain jobs at 40 U.S. companies, with salaries funneled back to the North Korean regime to support its weapons programs.
  • Didenko was apprehended by Polish authorities in late 2024 and later extradited to the United States.

Operational Details

Upworksell.com

The defendant operated a website, Upworksell.com, which facilitated the purchase or rental of stolen or borrowed identities starting in 2021. These identities were used on freelance platforms in California and Pennsylvania. The site was seized on May 16 2024.

Laptop Farms

Didenko paid individuals in Virginia, Tennessee, and California to receive and host laptops at their residences, creating the illusion that the workers were physically located in the United States while they actually connected remotely from countries such as China.

  • He managed up to 871 proxy identities and helped operate at least three U.S.-based laptop farms.
  • One farm was run by Christina Marie Chapman in Arizona; Chapman was arrested in May 2024 and sentenced to 102 months in July 2025.

Financial Channels

Instead of opening U.S. bank accounts, Didenko’s North Korean clients used Money Service Transmitters to move employment income to foreign bank accounts. Officials reported that the clients were paid hundreds of thousands of dollars for their work.

Official Statements

“Defendant Didenko’s scheme funneled money from Americans and U.S. businesses into the coffers of North Korea, a hostile regime,” said U.S. Attorney Jeanine Ferris Pirro.
“By using stolen and fraudulent identities, North Korean actors are infiltrating American companies, stealing information, licensing, and data that is harmful to any business. But more than that, money paid to these so‑called employees goes directly to munitions programs in North Korea.”

Ongoing Threat

Despite continued law‑enforcement actions, the operation continues to evolve. A recent report from threat‑intelligence firm Security Alliance (SEAL) indicates that IT workers are now applying for remote positions using real LinkedIn accounts of the individuals they impersonate, making fraudulent applications appear more authentic.

[Image: ThreatLocker]

0 views
#cybercrime #fraud #North Korea #IT worker scheme #law enforcement #prison sentence
View source
Share:
Back to Blog

Related posts

Read more »

Ring Cancels Its Partnership with Flock

Ring Cancels Its Partnership with Flock It’s a demonstration of how toxic the surveillance‑tech company Flock has become when Amazon’s Ring cancelshttps://www....