An Arizona woman has been sentenced to more than eight years in federal prison for masterminding a large-scale fraud scheme that allowed North Korean cyber operatives to pose as American citizens and secure remote IT jobs with hundreds of U.S. companies, including several Fortune 500 corporations.
Arizona According to the U.S. Department of Justice (DOJ), the elaborate scheme—described as one of the largest North Korean IT worker fraud operations ever uncovered—involved the theft of 68 Americans’ identities. The operation defrauded over 300 companies and generated more than $17 million, funds that federal authorities believe could bolster North Korea’s nuclear weapons program.
Christina Chapman, 50, pleaded guilty in February to multiple charges, including conspiracy to commit wire fraud and aggravated identity theft. By hosting these devices, she helped create the illusion that the workers were based in the U.S., enabling them to bypass corporate security measures and hiring protocols.
The DOJ’s statement emphasized that North Korea deploys thousands of highly skilled IT specialists worldwide, often using U.S.-based collaborators like Chapman to circumvent sanctions and restrictions.
Investigators also found that she had shipped 49 computers and other electronic devices to locations abroad, including a city near North Korea’s border with China.
Authorities said Chapman manipulated payroll systems using stolen identities, funneling salaries into her own U.S. bank accounts before transferring the funds to overseas operatives.
The May indictment identified some of the targeted organizations, which included Fortune 500 firms, a major national television network, an aerospace manufacturer, an American automobile company, and a luxury retail chain.
Arizona Officials also noted that foreign IT workers tied to the scheme unsuccessfully tried to secure positions with two U.S. government agencies.
Federal warnings about such schemes have been circulating for years. In 2022, the State Department cautioned businesses about North Korean operatives posing as remote workers from other nationalities, applying for roles in industries such as IT support, electronic gaming, and artificial intelligence.
Experts say these IT workers often collaborate with North Korean hacking units, which generate significant revenue for the regime. A White House official stated in 2024 that roughly half of North Korea’s missile program funding comes from cyberattacks and cryptocurrency theft.
Michael Barnhart, a North Korea specialist at cybersecurity firm Mandiant, warned that North Korea has “weaponized its tech talent,” using infiltrated IT workers as a direct threat to Western corporations.
“At the same time, they provide a potential entry point for the regime’s advanced cyber threat groups to infiltrate major organizations.”