A Ukrainian national just received a five-year prison sentence for operating a sophisticated identity theft operation that funneled millions of American dollars directly into North Korea’s weapons program, exposing a massive security vulnerability that continues to threaten U.S. companies today.
Story Highlights
- Oleksandr Didenko sold 871 stolen U.S. identities through Upworksell.com to North Korean IT workers seeking remote jobs at American companies
- The scheme generated over $6.8 million for North Korea’s regime, funding weapons programs while compromising data security at 300+ U.S. firms
- Federal prosecutors describe an evolving “triple threat” of sanctions evasion, identity theft, and data extortion that persists despite arrests
- North Korean operatives now use victims’ real LinkedIn profiles to appear more authentic, adapting tactics to evade detection
Ukrainian Orchestrated Identity Theft Pipeline for Hostile Regime
Oleksandr Didenko, a 29-year-old Ukrainian from Kyiv, operated Upworksell.com beginning in early 2021 as a marketplace for stolen American identities. The website sold or rented these identities to overseas IT workers, primarily North Koreans seeking to infiltrate U.S. companies through remote employment. Judge Randolph D. Moss sentenced Didenko to 60 months in federal prison in February 2026, following his guilty plea to wire fraud conspiracy and aggravated identity theft. The court also ordered $46,547 in restitution and forfeiture of over $1.4 million in proceeds from the criminal enterprise.
Laptop Farms Created Illusion of American Workers
Didenko managed 871 proxy identities and established multiple “laptop farms” in Virginia, Tennessee, California, and Arizona to facilitate the scheme. These operations consisted of racks of computers in U.S. homes that allowed North Korean workers operating from China and Russia to appear as local American employees. Co-conspirator Christina Marie Chapman hosted one such laptop farm in Arizona, receiving employer-issued laptops and equipment at her residence. Chapman was arrested in May 2024 and sentenced to 102 months in July 2025 for her role in the operation.
Millions Funneled to North Korean Weapons Development
The stolen identities enabled North Korean workers to secure positions at over 40 U.S. companies on freelance platforms, generating more than $6.8 million that was repatriated to North Korea’s regime through money transmitters. U.S. Attorney Jeanine Ferris Pirro stated that “North Korea is an enemy within,” emphasizing how the scheme directly funded munitions development while violating international sanctions. Didenko personally handled $920,000 in payments between July 2018 and the scheme’s disruption. The FBI seized Upworksell.com on May 16, 2024, one day after arresting Chapman, though the broader infiltration continues with North Korean workers still at large.
Identity Theft Victims Face Tax Liabilities and Credit Damage
Over 60 U.S. citizens had their identities stolen and sold through Didenko’s operation, with more than 35 facing false tax liabilities from unreported income earned by North Korean impostors. The victims experienced credit damage and potential legal complications from employment fraud conducted in their names. The scheme impacted approximately 300 companies that unwittingly hired these fraudulent workers, exposing sensitive business data and potentially violating sanctions against North Korea. This represents a fundamental breach of trust in the remote hiring ecosystem that American businesses increasingly rely upon.
Evolving Tactics Heighten Ongoing National Security Threat
Security experts warn that North Korean IT infiltration continues despite arrests and seizures. CrowdStrike reported a sharp rise in North Korean workers securing remote developer roles at U.S. firms. The Security Alliance issued a report in early 2026 noting that operatives now use victims’ real LinkedIn profiles rather than fabricated ones, making detection significantly more difficult. The State Department maintains a $5 million reward for information leading to the arrest of indicted co-conspirators, including North Korean workers operating under aliases Jiho Han, Haoran Xu, and Chunji Jin, supervised by an individual known as “Zhonghua.”
Sources:
Ukrainian National Sentenced to 5 Years in North Korea IT Worker Scheme
Ukrainian man jailed for identity theft that helped North Koreans get jobs at US companies
US arrests American and Ukrainian in North Korea-linked IT infiltration scheme
North Korean Workers Cyber Scheme
Ukrainian national gets 5-year sentence for involvement in North Korea laptop farm scheme
