A federal judge in the United States has sentenced Oleksandr Didenko, a 29-year-old Ukrainian national from Kyiv, to five years in prison for his role in an elaborate identity theft and remote worker fraud scheme that facilitated North Korean operatives gaining unauthorized access to U.S. firms.

The sentence comes after Didenko pleaded guilty in November 2025 to charges of aggravated identity theft and conspiracy to commit wire fraud — offenses that stemmed from a years-long operation designed to exploit the growing trend of remote work while evading international sanctions.

How the Scheme Worked

According to court filings, Didenko built and operated a website called UpWorkSell that sold or rented stolen American identities to foreign IT workers, including North Koreans, enabling them to pose as legitimate candidates for remote information technology jobs at U.S. companies.

Prosecutors said the scheme involved:

• Stealing personal information of U.S. citizens and using it to create fraudulent online profiles;
• Operating networks of computers (“laptop farms”) in the United States and abroad — including in states such as Virginia, Tennessee, and California, as well as in Ukraine and Ecuador — to make it appear that remote workers were physically located in the U.S.; and
• Using the fraudulent identities to secure remote employment with at least 40 U.S. firms, often in high-paying technical positions.

During the course of the operation, the Justice Department says Didenko oversaw more than 870 proxy identities and coordinated with accomplices who hosted equipment that masked the true locations of the remote workers.

Consequences and Additional Penalties

In addition to his 60-month prison term, Didenko agreed to forfeit over $1.4 million in cash and cryptocurrency connected to the scheme, as well as pay nearly $47,000 in restitution.

Investigators emphasized that the fraud didn’t just harm individual Americans whose identities were stolen — it also breached corporate trust and security, undermining hiring processes and potentially exposing companies to theft of intellectual property and confidential data.

Officials noted that the workers who ultimately benefited from the stolen identities sent much of their earnings back to North Korea, where such funds are believed to help finance the regime’s weapons programs and other sanctioned activities.

Part of a Broader Pattern of Abuse

This conviction is one of several recent federal actions targeting individuals who helped North Korean IT workers infiltrate Western companies. In late 2025, multiple accomplices — including U.S. citizens — pleaded guilty in related cases involving similar schemes that used real and fabricated identities to secure remote employment at American firms.

The Department of Justice has characterized these cases as part of an ongoing effort to disrupt what authorities call the North Korean remote worker scheme — a global, clandestine effort by Pyongyang to exploit remote work opportunities for financial gain and intelligence activities.