An Arizona woman received a significant federal prison sentence for orchestrating a sophisticated cybercrime operation that enabled North Korean Information Technology (IT) workers to infiltrate hundreds of American companies while generating millions in revenue for the Democratic People’s Republic of Korea (DPRK).
The case represents one of the largest documented instances of state-sponsored employment fraud targeting U.S. corporations and highlights critical vulnerabilities in remote work verification systems.
Key Takeaways
1. Arizona woman sentenced to 102 months for helping North Korean IT workers infiltrate 309 U.S. companies.
2. Operated a "laptop farm" to deceive companies while shipping devices to North Korean operatives.
3. Targeted Fortune 500 corporations, prompting new federal security guidance.
Identity Theft and Employment Fraud Scheme
Christina Marie Chapman, 50, of Litchfield Park, Arizona, was sentenced to 102 months in federal prison for her central role in a complex fraud network that spanned multiple years and compromised 309 U.S. businesses.
The scheme involved systematic identity theft of 68 U.S. citizens, whose personal information was used to create false employment profiles for North Korean IT workers seeking remote positions at major American corporations.
Chapman operated what investigators termed a “laptop farm” from her residence, where she received and hosted company-issued computers, creating the illusion that work was being performed domestically.
The technical infrastructure included direct deposit systems configured to funnel wages into Chapman’s U.S. financial accounts, sophisticated payroll check forgery operations, and international shipping networks that transported 49 laptops and other corporate devices to overseas locations, including cities along the China-North Korea border.
Law enforcement seized more than 90 laptops during the execution of a search warrant in October 2023.
The targeted companies represented diverse sectors of the American economy, including Fortune 500 corporations, a major television network, Silicon Valley technology firms, aerospace manufacturers, automotive companies, luxury retailers, and media conglomerates.
North Korean operatives maintained detailed target repositories of companies they sought to infiltrate and attempted unsuccessful penetrations of two U.S. government agencies.
Chapman’s Sentencing
U.S. District Court Judge Randolph D. Moss imposed additional penalties, including three years of supervised release, forfeiture of $284,555.92 intended for North Korean operatives, and a judgment of $176,850.
Chapman pleaded guilty to conspiracy to commit wire fraud, aggravated identity theft, and conspiracy to launder monetary instruments on February 11.
The investigation, conducted by FBI Phoenix Field Office and IRS Criminal Investigation Phoenix Field Office, revealed that the scheme generated over $17 million in illicit revenue.
Acting Assistant Attorney General Matthew R. Galeotti emphasized that the operation “exploited more than 300 American companies and government agencies” while funding the DPRK regime.
This instance led to improved corporate security procedures for virtual employee verification and coordinated federal instructions for HR experts on identifying attempts by North Korean IT workers to infiltrate.
Experience faster, more accurate phishing detection and enhanced protection for your business with real-time sandbox analysis-> Try ANY.RUN now
