An Arizona woman was sentenced Thursday to more than eight years in federal prison for orchestrating a sophisticated scheme that allowed North Korean operatives to pose as American IT workers and siphon millions of dollars from over 300 U.S. companies, including major Fortune 500 firms. The Department of Justice described the operation as one of the largest North Korean IT fraud schemes uncovered to date.
Christina Chapman, 50, pleaded guilty in February to multiple charges, including conspiracy to commit wire fraud, aggravated identity theft, and money laundering. Prosecutors said she helped North Korean tech workers gain access to U.S. firms by operating a "laptop farm" out of her home, using stolen American identities to deceive employers into believing the workers were U.S.-based.
Authorities said Chapman received and managed over 90 company-issued laptops sent by duped firms, and forwarded at least 49 devices overseas, including to a city in China near North Korea's border. The scheme generated more than $17 million in illicit revenue from 2020 to 2023, some of which was funneled directly into accounts benefiting the Pyongyang regime.
Chapman was also ordered to forfeit approximately $284,000 in proceeds and pay an additional $175,000 fine. Officials say the funds were initially deposited into Chapman's accounts and later dispersed to international co-conspirators.
"The call is coming from inside the house," said Acting U.S. Attorney for the District of Columbia Jeanine Pirro. "If this happened to these big banks, to these Fortune 500, brand-name, quintessential American companies, it can or is happening at your company."
The compromised organizations spanned across sectors, including aerospace, automotive manufacturing, luxury retail, media, and Silicon Valley tech. According to the indictment, two attempted job placements also targeted U.S. government agencies but were unsuccessful.
The broader operation exploited gaps in remote work verification processes. A 2022 warning from the State Department cautioned that North Korean IT workers were posing as foreign nationals to gain jobs in electronic gaming, AI, and IT support, with some working in tandem with North Korean hackers.
Michael Barnhart, a North Korea specialist at Google-owned cybersecurity firm Mandiant, stated: "By directing its IT workers to gain employment at Western companies, North Korea has weaponized its tech talent and created the ultimate insider threat."
"These operatives bypass sanctions by diverting their paychecks to help fund North Korea's nuclear program. Simultaneously, they're providing a foothold into major organizations for North Korea's more advanced threat groups," Barnhart said.
