A Ukrainian national was sentenced to five years in prison for providing North Korean IT workers with stolen identities that helped them infiltrate U.S. companies.
39-year-old Oleksandr Didenko of Kyiv, Ukraine, pleaded guilty in November 2025 to aggravated identity theft and wire fraud conspiracy after being arrested in Poland in May 2024.
This week, he was sentenced to 60 months in prison and 12 months of supervised release, and agreed to forfeit more than $1.4 million, including cash and cryptocurrency seized from Didenko and his accomplices.
“Oleksandr Didenko participated in a scheme that stole the identities of hundreds of people, to include United States citizens, which were used by North Korea to fraudulently secure lucrative IT jobs,” said James Barnacle, Assistant Director in Charge of the FBI’s New York Field Office. “This massive operation not only created an unauthorized backdoor into our country’s job market, but helped fund the regime of an adversary.”
According to court documents, Didenko stole U.S. citizens’ identities and sold them through an online platform known as UpWorkSell (which was seized by the Justice Department) to overseas IT workers, who used them to fraudulently secure jobs with 40 U.S. companies in California and Pennsylvania.
Throughout this scheme, he provided the North Korean remote workers with at least 871 proxy identities and proxy accounts on three freelance IT hiring platforms. He also facilitated the operation of at least eight “laptop farms” in Virginia, Tennessee, California, Florida, Ecuador, Poland, and Ukraine that allowed the North Koreans to make it look like their devices were located in the United States.
One of these “laptop farms” was run by Christina Marie Chapman, a 50-year-old woman from Arizona, from her own home between October 2020 and October 2023. Chapman was charged in May 2024 and was sentenced to 102 months in prison after a July 2025 guilty plea.
The FBI has been warning about the danger presented by North Korean threat actors impersonating U.S.-based IT staff since at least 2023. As the law enforcement agency repeatedly noted, North Korea maintains a large and well-organized army of IT workers who use stolen identities to secure employment with hundreds of American companies.
In July 2024, U.S. authorities sanctioned, charged, or indicted 20 individuals and 8 companies across three separate enforcement waves. These actions were followed by a fourth wave of sanctions in August 2025 that targeted companies associated with North Korean IT worker schemes operated by Russian and Chinese nationals.
More recently, in December 2025, security researchers revealed that Famous Chollima (or WageMole) operatives, part of the notorious North Korean state-backed Lazarus hacking group, tricked recruiters using AI tools and stolen identities and got hired by Fortune 500 companies.
