Inside the ‘Upworksell’ Syndicate: Hacker Gets 60 Months for Funneling US Tech Jobs to North Korea

A 29-year-old Ukrainian national has been sentenced to 60 months in federal prison for orchestrating a massive, years-long cyber-fraud scheme. Oleksandr Didenko’s sophisticated operation systematically harvested the identities of U.S. citizens, selling them to North Korean IT workers so they could infiltrate American corporate networks and funnel hundreds of thousands of dollars back to a hostile regime.

The sentencing, handed down by U.S. District Court Judge Randolph D. Moss, marks the culmination of a high-stakes international investigation that exposed a dangerous new backdoor into the U.S. economy.

Operating under the alias “Alexander Didenko,” the Kyiv native built a sprawling digital underworld designed specifically to subvert U.S. employment and financial verification systems. According to court documents, the linchpin of his operation was a website utilizing a U.S.-based domain, “Upworksell.com.”

This platform operated as a dark-market concierge service, “designed to help overseas IT workers buy or rent stolen identities.” Armed with these fabricated American personas, North Korean operatives successfully breached the HR defenses of 40 different U.S. companies.

To make the overseas workers appear as though they were logging in from within the United States, Didenko didn’t just rely on standard VPNs. He constructed physical infrastructure. He paid individuals across the U.S. to host computers in residences spanning Virginia, Tennessee, and California. Through his company, Didenko “facilitated the operation of at least three U.S.-based ‘laptop farms'” and managed 871 proxy identities.

Didenko constructed a financial pipeline that bypassed traditional banking scrutiny. He “enabled his overseas clients to access the U.S. financial system through Money Service Transmitters rather than having to physically open an account at a bank within the United States.” This allowed the illicitly earned employment income to be seamlessly transferred to foreign bank accounts, all while falsely reporting the earnings to the IRS and Social Security Administration under the names of the innocent American identity theft victims.

U.S. officials were quick to highlight that this was not merely a white-collar financial crime, but a direct threat to global security. The funds generated by these IT contracts were funneled directly into the Democratic People’s Republic of Korea (DPRK).

Didenko’s digital empire began to crumble on May 16, 2024, when the Justice Department seized the Upworksell.com domain, diverting all its traffic directly to the FBI. He was subsequently arrested by Polish authorities and extradited to the United States on December 31, 2024.

Having pleaded guilty to wire fraud conspiracy and aggravated identity theft late last year, Didenko is now facing the consequences. In addition to his 60-month prison sentence and 12 months of supervised release, he agreed to forfeit over $1.4 million—including $181,438 in USD and cryptocurrency seized during the investigation—and must pay $46,547.28 in restitution.

Related Posts:

• North Korean Operatives Use GenAI to Infiltrate Global Tech Jobs, Okta Warns
• North Korean IT Workers Indicted in Elaborate “Laptop Farm” Scheme to Evade Sanctions
• $5 Million Reward Offered After Indictment of North Korean Cyber Operatives