An Arizonan woman has been handed a jail term of over eight years for helping North Korean IT workers defraud over 300 US companies.
Christina Chapman 50, of Litchfield Park, Arizona, had pleaded guilty in February 2025 to conspiracy to commit wire fraud, aggravated identity theft and conspiracy to launder monetary instruments.
She helped North Korean IT workers to gain employment with 309 US businesses, including some Fortune 500 firms, and two international companies.
Specifically, Chapman operated a laptop farm of over 90 machines, which was used to help deceive the victim companies into believing the remote IT workers were based in the US. She also shipped 49 other laptops and devices overseas, including to Chinese city on the border with North Korea.
Read more: North Korean IT Workers Holding Data Hostage for Extortion, FBI Warns
She even kept notes identifying the relevant US company and identity associated with each laptop. A total of 68 identities were stolen from US citizens to further the scheme – which made more than $17m for the Kim Jong-un regime, according to the Department of Justice (DoJ).
Chapman also received and forged payroll checks in the names of the stolen identities, as well as receiving and then transferring overseas IT workers’ wages deposited by employers into her US bank accounts.
“North Korea is not just a threat to the homeland from afar. It is an enemy within. It is perpetrating fraud on American citizens, American companies, and American banks. It is a threat to Main Street in every sense of the word,” said US attorney Jeanine Ferris Pirro.
“The call is coming from inside the house. If this happened to these big banks, to these Fortune 500, brand name, quintessential American companies, it can or is happening at your company. Corporations failing to verify virtual employees pose a security risk for all. You are the first line of defense against the North Korean threat.”
North Korean IT workers not only make money illegally for the autocratic state through their wages, they might also use privileged access to deploy malware, steal sensitive IP and/or hold data to ransom.
Among the victims of this scheme were a “top-five major television network,” a Silicon Valley tech company, an aerospace manufacturer, an American car maker, a luxury retail store and a US media and entertainment company.
However, Google warned recently that European firms should also be on the lookout for fake IT workers.
No tags.
