North Korean IT worker scam nets Ukrainian five-year sentence in the U.S.
North Korean IT worker scam nets Ukrainian five-year sentence in the U.S.
February 20, 2026 
A Ukrainian man was sentenced to five years in the U.S. for helping North Korean IT workers use stolen identities to get hired by U.S. firms.
Oleksandr “Alexander” Didenko, a 29-year-old Ukrainian national, has been sentenced to five years in a U.S. prison for supporting North Korea’s fraudulent IT worker scheme. Didenko admitted stealing U.S. identities and selling them to North Korean IT workers, enabling them to secure jobs at 40 American companies. The salaries were funneled back to Pyongyang. He was arrested in Poland in 2024 and later extradited.
“Oleksandr Didenko, 29, of Kyiv, Ukraine, was sentenced today in U.S. District Court to 60 months in prison in connection with a years-long scheme that stole the identities of U.S. citizens and sold them to North Korean workers so they could fraudulently gain employment at 40 U.S. companies, announced U.S. Attorney Jeanine Ferris Pirro.” reads the press release published by “Didenko, aka “Alexander Didenko,” pleaded guilty Nov. 10, 2025, before Judge Randolph D. Moss to wire fraud conspiracy and aggravated identity theft.”
Didenko will forfeit over $1.4M, including $181K in cash and crypto, serve 12 months supervised release, and pay $46,547 in restitution.
Didenko has also been ordered to serve 12 months of supervised release and to pay $46,547.28 in restitution. Last year, Didenko also agreed to forfeit more than $1.4 million, which includes about $181,438 in U.S. dollars and cryptocurrency seized from him and his co-conspirators.
Didenko allegedly ran a multi-year scheme creating accounts on U.S.-based freelance IT job platforms and money service transmitters using false identities, including those of U.S. persons. Then the man sold these accounts to overseas IT workers. He is the administrator of a website called upworksell.com, which was used to advertise these services along with credit card and SIM card rentals. The investigation revealed that Didenko managed about 871 proxy identities and provided accounts for three freelance IT platforms and three U.S.-based money service transmitters. He facilitated at least three U.S.-based laptop farms, hosting around 79 computers, and received or sent $920,000 since July 2018. The man admitted to assisting North Korean IT workers and was interconnected with other cells within the DPRK IT worker network.
“Defendant Didenko’s scheme funneled money from Americans and U.S. businesses, into the coffers of North Korea, a hostile regime. Today, North Korea is not only a threat to the homeland from afar, it is an enemy within. By using stolen and fraudulent identities, North Korean actors are infiltrating American companies, stealing information, licensing, and data that is harmful to any business. But more than that, money paid to these so-called employees goes directly to munitions programs in North Korea,” said U.S. Attorney Pirro. “We should be holding accountable to the fullest extent of the law the individuals, like Didenko, who are knowingly assisting North Koreans so that they can amass more weapons to harm the United States and peace in our world. This is not just a financial crime; it is a crime against national security.”
In May 2024, the Justice Department unsealed charges against an Arizona woman, a Ukrainian man, and three unidentified foreign nationals accused of aiding overseas IT workers, pretending to be U.S. citizens, to infiltrate hundreds of firms in remote IT positions. North Korea used this scheme to dispatch thousands of skilled IT workers globally, using stolen U.S. identities to infiltrate companies and raise revenue. The schemes defrauded over 300 U.S. companies, utilizing U.S. payment platforms, online job sites, and proxy computers. According to the DoJ, this is the largest scheme of this kind ever charged by US authorities.
The operations coordinated by the North Korean government took place between October 2020 and October 2023. Intelligence experts speculate the campaign was aimed at financing the government’s illicit nuclear program.
The defendant Christina Marie Chapman was arrested in May in Litchfield Park, Arizona, while Oleksandr Didenko was arrested in Poland a few days before.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, North Korea IT workers)
About Author
