Undercover in America: Ukrainian sentenced for aiding North Korean espionage

The Case of Oleksandr Didenko: Ukrainian National Sentenced for Providing Stolen Identities to North Korean IT Workers

A Ukrainian individual, Oleksandr Didenko, has been handed a five-year prison sentence for his involvement in providing North Korean IT workers with stolen identities, enabling them to infiltrate various U.S. companies.

Didenko, aged 39 and hailing from Kyiv, Ukraine, admitted guilt in November 2025 to charges of aggravated identity theft and wire fraud conspiracy following his arrest in Poland in May 2024.

Recently, he was sentenced to 60 months behind bars and 12 months of supervised release, agreeing to surrender over $1.4 million, encompassing cash and cryptocurrency seized from him and his associates.

“Oleksandr Didenko was a key player in a scheme that involved the theft of numerous identities, including those of U.S. citizens, which were subsequently utilized by North Korea in obtaining illicit IT positions,” stated James Barnacle, Assistant Director in Charge of the FBI’s New York Field Office. “This expansive operation not only breached our country’s job market but also provided financial support to an adversarial regime.”

As per legal documents, Didenko pilfered the identities of American citizens and sold them to foreign IT professionals via an online platform called UpWorkSell (later seized by the Justice Department). These stolen identities were then used to deceitfully secure jobs with 40 U.S. companies in California and Pennsylvania.

Throughout the operation, he supplied North Korean remote workers with at least 871 proxy identities and accounts on three freelance IT hiring platforms. Additionally, he facilitated the setup of eight “laptop farms” in various locations, including Virginia, Tennessee, California, and other countries, allowing North Koreans to obscure the origins of their devices.

One such “laptop farm” was managed by Christina Marie Chapman, a 50-year-old individual from Arizona, from her residence between October 2020 and October 2023. Chapman, charged in May 2024, was sentenced to 102 months in prison after pleading guilty in July 2025.

The FBI has repeatedly cautioned about the risks posed by North Korean threat actors posing as U.S.-based IT professionals since 2023. North Korea maintains a robust network of IT workers who utilize stolen identities to secure employment with numerous American firms.

In July 2024, U.S. authorities took action against 20 individuals and 8 companies in three enforcement waves. Subsequently, in August 2025, a fourth wave of sanctions targeted firms linked to North Korean IT worker schemes managed by Russian and Chinese nationals.

Recent revelations in December 2025 highlighted the activities of Famous Chollima (or WageMole) operatives, associated with the notorious North Korean Lazarus hacking group. These operatives used AI tools and stolen identities to deceive recruiters, securing positions at Fortune 500 companies.

Modern IT infrastructure outpaces manual workflows. Discover how your team can reduce delays, enhance reliability with automated responses, and build intelligent workflows using existing tools in the new Tines guide.

Get the guide