A 29 year old Ukrainian citizen has been sentenced to five years in a U.S. federal prison for helping facilitate North Korea’s fraudulent IT worker operation that infiltrated dozens of American companies.
Oleksandr “Alexander” Didenko pleaded guilty in November 2025 to wire fraud conspiracy and aggravated identity theft. Authorities say he stole the identities of U.S. citizens and sold them to overseas IT workers, enabling them to secure remote jobs at approximately 40 American companies. The salaries earned were allegedly redirected to support North Korea’s weapons programs.
Arrest and Financial Penalties
Didenko was arrested by Polish authorities in late 2024 and later extradited to the United States. In addition to the five year prison term, he has been ordered to:
- Serve 12 months of supervised release
- Pay $46,547.28 in restitution
- Forfeit more than $1.4 million in assets
The forfeiture includes around $181,438 in U.S. currency and cryptocurrency seized from Didenko and his associates.
The Upworksell Identity Marketplace
According to the U.S. Department of Justice, Didenko operated a website called Upworksell[.]com beginning in early 2021. The platform allegedly allowed overseas IT workers to buy or rent stolen or borrowed American identities.
Using these identities, the workers applied for freelance and remote positions through online job platforms based in California and Pennsylvania. The fraudulent site was seized by U.S. authorities on May 16, 2024.
Investigators revealed that Didenko managed as many as 871 proxy identities during the scheme.
Laptop Farms and U.S. Infrastructure Abuse
To avoid suspicion, Didenko reportedly paid individuals in Virginia, Tennessee, and California to receive and host company issued laptops at their homes. This created the false impression that the workers were physically located in the United States, while they were actually operating from overseas locations such as China.
He also facilitated at least three U.S. based laptop farms. One of those operations was run by Christina Marie Chapman in Arizona. Chapman was arrested in May 2024 and later sentenced in July 2025 to more than eight years in prison for her role in the conspiracy.
Additionally, Didenko helped North Korean operatives access the U.S. financial system by using Money Service Transmitters instead of traditional U.S. bank accounts. These services were used to move employment income to foreign accounts. Officials say the workers collectively earned hundreds of thousands of dollars.
Ongoing Threat and Evolving Tactics
U.S. Attorney Jeanine Ferris Pirro stated that the operation funneled money from American businesses into the hands of a hostile regime. Authorities warn that North Korea’s IT worker scheme continues to evolve despite law enforcement crackdowns.
A recent report from Security Alliance indicates that operatives have started using legitimate LinkedIn accounts belonging to the individuals they impersonate. This tactic makes fraudulent remote job applications appear more authentic and harder to detect.
Officials emphasize that the case highlights the broader cybersecurity risks posed by foreign state sponsored schemes that exploit remote work environments, identity theft, and global payment systems.
Found this article interesting? Follow us on X (Twitter) , Facebook, Blue sky and LinkedIn to read more exclusive content we post.
