An Arizona woman has been sentenced to more than eight years in prison for her role in a fraudulent scheme that helped North Koreans obtain remote IT positions at 309 US companies, including an unnamed member of the Fortune 500.

The FBI said victims included a top-five major television network, a Silicon Valley technology company, an aerospace manufacturer, an American carmaker, a luxury retail store, and a US media and entertainment company. Christina Marie Chapman, 50, and the North Korean IT workers reportedly netted more than $17.1 million via the scheme.

North Korea has long deployed thousands of its IT workers around the world, including in the US, to obtain remote employment using false, stolen or borrowed identities of US persons. These funds are then used to finance the activities of the East Asian country, which faces heavy economic sanctions globally.

In this case, which the FBI believes to be one of the largest of its kind ever recorded, the identities of 68 US citizens are believed to have been stolen. Chapman, a US citizen, conspired with and assisted the North Korean IT workers from October 2020 to October 2023. Using stolen and purchased identities of US nationals, the North Koreans applied for remote IT jobs at US companies and, in furtherance of the scheme, submitted falsified documents to the Department of Homeland Security on at least 100 occasions.

According to the FBi statement, Chapman used temporary staffing companies and other contracting organizations to evade companies’ pre-employment screening. She operated what’s known as a “laptop farm,” receiving and hosting computers from US companies at her home so that the companies would believe the workers were based in the United States. More than 90 laptops were seized from Chapman’s home following the execution of a search warrant in October 2023.

US Attorney Jeanine Ferris Pirro, who presided over the case, warned businesses to take the threat seriously.

“The call is coming from inside the house,” Pirro said. “If this happened to these big banks, to these Fortune 500, brand-name, quintessential American companies, it can or is happening at your company.”

Recommended by Our Editors

She added: “Corporations failing to verify virtual employees pose a security risk for all. You are the first line of defense against the North Korean threat.”

Roman Rozhavsky, assistant director of the FBI Counterintelligence Division, highlighted the far wider ramifications of this type of activity, saying how the illegal employment of North Korean IT workers abroad has “generated millions of dollars” for the dictatorship’s nuclear weapons program.

Newsletter Icon

Get Our Best Stories!

Stay Safe With the Latest Security News and Updates

SecurityWatch Newsletter Image

Sign up for our SecurityWatch newsletter for our most important privacy and security stories delivered right to your inbox.

By clicking Sign Me Up, you confirm you are 16+ and agree to our Terms of Use and Privacy Policy.

Thanks for signing up!

Your subscription has been confirmed. Keep an eye on your inbox!

About Will McCurdy

Contributor

Will McCurdy

I’m a reporter covering weekend news. Before joining PCMag in 2024, I picked up bylines in BBC News, The Guardian, The Times of London, The Daily Beast, Vice, Slate, Fast Company, The Evening Standard, The i, TechRadar, and Decrypt Media.

I’ve been a PC gamer since you had to install games from multiple CD-ROMs by hand. As a reporter, I’m passionate about the intersection of tech and human lives. I’ve covered everything from crypto scandals to the art world, as well as conspiracy theories, UK politics, and Russia and foreign affairs.


Read Will’s full bio

Read the latest from Will McCurdy