Ukrainian gets five years for helping North Koreans secure US tech jobs
(2026/02/20)
- Reference: 1771597820
- News link: https://www.theregister.co.uk/2026/02/20/north_korean_it_worker_prison/
- Source link:
Ukrainian national Oleksandr Didenko will spend the next five years behind bars in the US for his involvement in helping North Korean IT workers secure fraudulent employment.
The 29-year-old played a role in supporting individuals working for a hostile regime to get contracts in the US.
In November 2025, [1]Didenko pleaded guilty to wire fraud and aggravated identity theft, charges related to his website Upworksell.com, which allowed the North Korean techies assume identities stolen from US citizens and use them to secure employment.
[2]
North Korea's [3]IT worker scheme has been running for years. It sees skilled workers illegally gain access to US jobs and salaries, which are used to fund Pyongyang's military.
[4]
[5]
Workers rely on being able to trick US companies into believing they are citizens by using resources such as identity providers like Didenko and [6]laptop farms , which the Ukrainian also funded.
Laptop farms are exactly as they sound. Individuals in the US are paid to operate a series of laptops or PCs to which North Korean workers remotely connect and use to carry out their US job duties.
[7]
Using a laptop farm allows them to connect to company networks, seemingly as if from a US residence instead of a North Korean IP address. Government sanctions prevent North Koreans from working for US companies.
According to prosecutors, Didenko ran Upworksell between 2021 and May 2024, when the Justice Department seized the domain, diverting all traffic to servers controlled by the FBI. Polish police arrested him later that year, and he was extradited on December 31, 2024.
Didenko operated as many as 871 proxy identities during this time, official suspect, and he paid people in at least three residences across California, Tennessee, and Virginia to run laptop farms. He also helped these workers manage their salary payments through money services businesses so that they didn't have to open a US bank account.
[8]
Through Didenko's scheme, North Korean IT workers were able to get hundreds of thousands of dollars in fraudulent salary payments. The Justice Department said much of this was falsely reported to the authorities in the names of those whose identities were stolen.
[9]AI security startup CEO posts a job. Deepfake candidate applies, inner turmoil ensues
[10]Amazon blocked 1,800 suspected North Korean scammers seeking jobs
[11]Selling your identity to North Korean IT scammers isn't a sustainable side hustle
[12]Fake North Korean IT workers sneaking into healthcare, finance, and AI
Didenko agreed to forfeit more than $1.4 million in criminal proceeds as part of his sentence, which will be followed by 12 months of supervised release. He will also pay $46,547.28 in restitution to victims.
"Defendant Didenko's scheme funneled money from Americans and US businesses, into the coffers of North Korea, a hostile regime," said US attorney Jeanine Ferris Pirro, announcing [13]the sentencing .
"Today, North Korea is not only a threat to the homeland from afar, it is an enemy within. By using stolen and fraudulent identities, North Korean actors are infiltrating American companies, stealing information, licensing, and data that is harmful to any business. But more than that, money paid to these so-called employees goes directly to munitions programs in North Korea.
"We should be holding accountable to the fullest extent of the law the individuals, like Didenko, who are knowingly assisting North Koreans so that they can amass more weapons to harm the United States and peace in our world. This is not just a financial crime; it is a crime against national security." ®
Get our [14]Tech Resources
[1] https://www.theregister.com/2025/11/17/doj_north_korean_it_scam/
[2] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2aZiTNRDWmm5mFOdf0fxTYAAAA5g&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0
[3] https://www.theregister.com/2025/09/30/north_korean_it_workers_okta/
[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aZiTNRDWmm5mFOdf0fxTYAAAA5g&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[5] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aZiTNRDWmm5mFOdf0fxTYAAAA5g&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[6] https://www.theregister.com/2025/07/24/laptop_farmer_north_korean_it_scam_sentenced/
[7] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aZiTNRDWmm5mFOdf0fxTYAAAA5g&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[8] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aZiTNRDWmm5mFOdf0fxTYAAAA5g&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[9] https://www.theregister.com/2026/02/01/ai_security_startup_ceo_posts/
[10] https://www.theregister.com/2025/12/18/amazon_blocked_fake_dprk_workers/
[11] https://www.theregister.com/2025/11/17/doj_north_korean_it_scam/
[12] https://www.theregister.com/2025/09/30/north_korean_it_workers_okta/
[13] https://www.justice.gov/usao-dc/pr/ukrainian-national-sentenced-laptop-farm-scheme-generated-income-north-korean-it-workers
[14] https://whitepapers.theregister.com/
The 29-year-old played a role in supporting individuals working for a hostile regime to get contracts in the US.
In November 2025, [1]Didenko pleaded guilty to wire fraud and aggravated identity theft, charges related to his website Upworksell.com, which allowed the North Korean techies assume identities stolen from US citizens and use them to secure employment.
[2]
North Korea's [3]IT worker scheme has been running for years. It sees skilled workers illegally gain access to US jobs and salaries, which are used to fund Pyongyang's military.
[4]
[5]
Workers rely on being able to trick US companies into believing they are citizens by using resources such as identity providers like Didenko and [6]laptop farms , which the Ukrainian also funded.
Laptop farms are exactly as they sound. Individuals in the US are paid to operate a series of laptops or PCs to which North Korean workers remotely connect and use to carry out their US job duties.
[7]
Using a laptop farm allows them to connect to company networks, seemingly as if from a US residence instead of a North Korean IP address. Government sanctions prevent North Koreans from working for US companies.
According to prosecutors, Didenko ran Upworksell between 2021 and May 2024, when the Justice Department seized the domain, diverting all traffic to servers controlled by the FBI. Polish police arrested him later that year, and he was extradited on December 31, 2024.
Didenko operated as many as 871 proxy identities during this time, official suspect, and he paid people in at least three residences across California, Tennessee, and Virginia to run laptop farms. He also helped these workers manage their salary payments through money services businesses so that they didn't have to open a US bank account.
[8]
Through Didenko's scheme, North Korean IT workers were able to get hundreds of thousands of dollars in fraudulent salary payments. The Justice Department said much of this was falsely reported to the authorities in the names of those whose identities were stolen.
[9]AI security startup CEO posts a job. Deepfake candidate applies, inner turmoil ensues
[10]Amazon blocked 1,800 suspected North Korean scammers seeking jobs
[11]Selling your identity to North Korean IT scammers isn't a sustainable side hustle
[12]Fake North Korean IT workers sneaking into healthcare, finance, and AI
Didenko agreed to forfeit more than $1.4 million in criminal proceeds as part of his sentence, which will be followed by 12 months of supervised release. He will also pay $46,547.28 in restitution to victims.
"Defendant Didenko's scheme funneled money from Americans and US businesses, into the coffers of North Korea, a hostile regime," said US attorney Jeanine Ferris Pirro, announcing [13]the sentencing .
"Today, North Korea is not only a threat to the homeland from afar, it is an enemy within. By using stolen and fraudulent identities, North Korean actors are infiltrating American companies, stealing information, licensing, and data that is harmful to any business. But more than that, money paid to these so-called employees goes directly to munitions programs in North Korea.
"We should be holding accountable to the fullest extent of the law the individuals, like Didenko, who are knowingly assisting North Koreans so that they can amass more weapons to harm the United States and peace in our world. This is not just a financial crime; it is a crime against national security." ®
Get our [14]Tech Resources
[1] https://www.theregister.com/2025/11/17/doj_north_korean_it_scam/
[2] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2aZiTNRDWmm5mFOdf0fxTYAAAA5g&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0
[3] https://www.theregister.com/2025/09/30/north_korean_it_workers_okta/
[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aZiTNRDWmm5mFOdf0fxTYAAAA5g&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[5] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aZiTNRDWmm5mFOdf0fxTYAAAA5g&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[6] https://www.theregister.com/2025/07/24/laptop_farmer_north_korean_it_scam_sentenced/
[7] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aZiTNRDWmm5mFOdf0fxTYAAAA5g&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[8] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aZiTNRDWmm5mFOdf0fxTYAAAA5g&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[9] https://www.theregister.com/2026/02/01/ai_security_startup_ceo_posts/
[10] https://www.theregister.com/2025/12/18/amazon_blocked_fake_dprk_workers/
[11] https://www.theregister.com/2025/11/17/doj_north_korean_it_scam/
[12] https://www.theregister.com/2025/09/30/north_korean_it_workers_okta/
[13] https://www.justice.gov/usao-dc/pr/ukrainian-national-sentenced-laptop-farm-scheme-generated-income-north-korean-it-workers
[14] https://whitepapers.theregister.com/
Did they use NorkVPN?