Tennessee – A Ukrainian man has been sentenced to prison for orchestrating a scheme that stole the identities of Americans and helped North Korean workers obtain remote jobs with U.S. companies. Oleksandr Didenko, 29, of Kyiv, Ukraine, was sentenced in U.S. District Court to 60 months in prison for his role in a years-long operation that enabled foreign workers to fraudulently gain employment at approximately 40 U.S. companies.
Didenko, also known as “Alexander Didenko,” pleaded guilty on Nov. 10, 2025, before Judge Randolph D. Moss to wire fraud conspiracy and aggravated identity theft. As part of his sentence, he agreed to forfeit more than $1.4 million, including about $181,438 in cash and cryptocurrency seized from him and his co-conspirators. The court also ordered 12 months of supervised release and restitution totaling $46,547.28.
Federal prosecutors described the scheme as both a financial crime and a threat to national security.
“Defendant Didenko’s scheme funneled money from Americans and U.S. businesses, into the coffers of North Korea, a hostile regime. Today, North Korea is not only a threat to the homeland from afar, it is an enemy within. By using stolen and fraudulent identities, North Korean actors are infiltrating American companies, stealing information, licensing, and data that is harmful to any business. But more than that, money paid to these so-called employees goes directly to munitions programs in North Korea,” said U.S. Attorney Pirro. “We should be holding accountable to the fullest extent of the law the individuals, like Didenko, who are knowingly assisting North Koreans so that they can amass more weapons to harm the United States and peace in our world. This is not just a financial crime; it is a crime against national security.”
Identity theft scheme fueled foreign infiltration
According to court documents, Didenko operated a website using a U.S.-based domain, “Upworksell.com,” that helped overseas IT workers purchase or rent stolen identities. Beginning in 2021, those workers used the identities to obtain jobs through online freelance platforms based in California and Pennsylvania. These platforms allow contract workers to advertise skills and bid on projects, enabling remote work arrangements that made the fraud harder to detect.
To make the scheme appear legitimate, Didenko paid individuals in the United States to receive and host computers at residences in Virginia, Tennessee, and California. Through his company, he managed as many as 871 proxy identities and oversaw at least three U.S.-based “laptop farms.” These setups allowed overseas workers to remotely connect to U.S.-based devices, making it appear as if they were working from within the country.
Didenko also enabled clients to access the U.S. financial system through money service transmitters, allowing income earned from fraudulent employment to be transferred to foreign bank accounts without opening U.S. bank accounts.
The IT workers earned hundreds of thousands of dollars, much of which was falsely reported to federal agencies — including the Department of Homeland Security, the IRS, and the Social Security Administration — under the names of real Americans whose identities had been stolen.
On May 16, 2024, the Justice Department seized the Upworksell.com domain and redirected traffic to the FBI. Polish authorities arrested Didenko later that year, and he was extradited to the United States on Dec. 31, 2024.
“ Oleksandr Didenko’s fraudulent activity inflicted systemic and deliberate financial harm on U.S. companies and American citizens to benefit not only himself, but a hostile nation state,” said Assistant Director Roman Rozhavsky of the FBI’s Counterintelligence and Espionage Division. “The FBI will not tolerate North Korea’s sustained campaign to victimize American citizens, businesses, and financial institutions to fund its authoritarian regime. Today’s sentencing demonstrates that the FBI will pursue full accountability for anyone found complicit in our adversary’s efforts to defraud and undermine American economic security, and we ask all U.S. companies that employ remote workers to remain vigilant to this new and sophisticated threat.”
Federal authorities said the scheme provided North Korean operatives with a backdoor into the U.S. job market and helped fund an adversarial regime.
“Oleksandr Didenko participated in a scheme that stole the identities of hundreds of people, to include United States citizens, which were used by North Korea to fraudulently secure lucrative IT jobs,” said Assistant Director in Charge James Barnacle of the FBI’s New York Field Office. “This massive operation not only created an unauthorized backdoor into our country’s job market, but helped fund the regime of an adversary. This case is an example of how the FBI continues to safeguard our critical infrastructure from foreign threat actors seeking to exploit our nation’s sensitive information.”
International investigation and prosecution
The investigation was led by the FBI New York Field Office with assistance from FBI offices in Norfolk, San Diego, and Knoxville. The prosecution is being handled by Assistant U.S. Attorneys Karen P. Seifert and Steven Wasserman for the District of Columbia, with support from multiple U.S. Attorney’s Offices and the Justice Department’s Office of International Affairs and National Security Division.
Officials say the case highlights the evolving tactics used by foreign adversaries to exploit remote work systems and underscores the importance of vigilance among U.S. companies. As remote employment continues to expand, authorities warn that identity fraud schemes like this one pose both economic and national security risks.
The sentencing of Didenko closes one chapter in a complex international investigation but serves as a warning about the growing intersection of cybercrime, identity theft, and geopolitical threats.
