Ukrainian National Sentenced in ‘Laptop Farm’ Scheme That Generated Income for North Korean IT Workers
WASHINGTON / Thursday, February 19, 2026 – Oleksandr Didenko, 29, of Kyiv, Ukraine, was sentenced today in U.S. District Court to 60 months in prison in connection with a years-long scheme that stole the identities of U.S. citizens and sold them to North Korean workers so they could fraudulently gain employment at 40 U.S. companies, announced U.S. Attorney Jeanine Ferris Pirro.
Didenko, aka “Alexander Didenko,” pleaded guilty Nov. 10, 2025, before Judge Randolph D. Moss to wire fraud conspiracy and aggravated identity theft. Didenko agreed to forfeit more than $1.4 million, which includes approximately $181,438 in USD and cryptocurrency seized from Didenko and his co-conspirators. Judge Moss also ordered Didenko to serve 12 months of supervised release and to pay $46,547.28 in restitution.
“Defendant Didenko’s scheme funneled money from Americans and U.S. businesses, into the coffers of North Korea, a hostile regime. Today, North Korea is not only a threat to the homeland from afar, it is an enemy within. By using stolen and fraudulent identities, North Korean actors are infiltrating American companies, stealing information, licensing, and data that is harmful to any business. But more than that, money paid to these so-called employees goes directly to munitions programs in North Korea,” said U.S. Attorney Pirro. “We should be holding accountable to the fullest extent of the law the individuals, like Didenko, who are knowingly assisting North Koreans so that they can amass more weapons to harm the United States and peace in our world. This is not just a financial crime; it is a crime against national security.”
“Oleksandr Didenko’s fraudulent activity inflicted systemic and deliberate financial harm on U.S. companies and American citizens to benefit not only himself, but a hostile nation state,” said Assistant Director Roman Rozhavsky of the FBI’s Counterintelligence and Espionage Division. “The FBI will not tolerate North Korea’s sustained campaign to victimize American citizens, businesses, and financial institutions to fund its authoritarian regime. Today’s sentencing demonstrates that the FBI will pursue full accountability for anyone found complicit in our adversary’s efforts to defraud and undermine American economic security, and we ask all U.S. companies that employ remote workers to remain vigilant to this new and sophisticated threat.”
According to court documents, Didenko ran a website using a U.S.-based domain, "Upworksell.com," designed to help overseas IT workers buy or rent stolen identities. Beginning in 2021, the IT workers used the identities to get hired on online freelance work platforms based in California and Pennsylvania. The work platforms allowed users to advertise themselves as contract gig workers, create free accounts, advertise their skills and bid on IT work contracts.
Didenko paid individuals in the United States to receive and host computers at residences in Virginia, Tennessee and California.
Through his company, Didenko managed as many as 871 proxy identities and facilitated the operation of at least three U.S.-based “laptop farms.” He enabled his overseas clients to access the U.S. financial system through Money Service Transmitters rather than having to physically open an account at a bank within the United States, which was then used to facilitate the transfer of employment income to foreign bank accounts.
The IT worker clients were paid hundreds of thousands of dollars for their work, much of which was falsely reported to the Department of Homeland Security, the IRS and Social Security Administration in the names of actual U.S. persons whose identities had been stolen.
On May 16, 2024, the Justice Department seized the online domain, Upworksell.com, and diverted all traffic to the FBI. Polish authorities arrested Didenko and on Dec. 31, 2024, extradited him to the United States.
“Oleksandr Didenko participated in a scheme that stole the identities of hundreds of people, to include United States citizens, which were used by North Korea to fraudulently secure lucrative IT jobs,” said Assistant Director in Charges James Barnacle of the FBI’s New York Field Office. “This massive operation not only created an unauthorized backdoor into our country’s job market, but helped fund the regime of an adversary. This case is an example of how the FBI continues to safeguard our critical infrastructure from foreign threat actors seeking to exploit our nation’s sensitive information.”
This case was investigated by the FBI New York Field Office, with assistance from the FBI Norfolk, San Diego and Knoxville Field Offices.
The matter is being prosecuted by Assistant U.S. Attorneys Karen P. Seifert and Steven Wasserman for the District of Columbia. The U.S. Attorney’s Offices for the Southern District of California, Eastern District of Tennessee, and Eastern District of Virginia, the Justice Department’s Office of International Affairs, and Trial Attorney Jacques-Singer Emory of the National Security Division’s National Security Cyber Section provided valuable assistance.
24cr261
Contact
Source: U.S. Attorney's Office, District of Columbia
