An Arizona woman named Christina Chapman has been accused of conspiring with individuals connected to the North Korean government to illegally obtain remote telework positions with U.S. companies. Chapman allegedly worked with North Korean IT workers to steal the identities of U.S. citizens and secure remote employment at American corporations using these false identities. This scheme generated nearly $7 million for North Korea from over 300 U.S. companies, including Fortune 500 corporations like a major TV network, a defense company, and a car maker.
Chapman and her co-conspirators used the identities of more than 60 U.S. citizens to carry out the scheme, and they even utilized laptop computers issued to them under false pretenses to make it appear as though they were based in the U.S. Investigators claim that Chapman operated a “laptop farm” in an attempt to get some of the workers hired by U.S. government agencies. Additionally, she allegedly helped the overseas workers connect remotely to their U.S.-based jobs through the laptops and received paychecks for the workers at her home. Han, Jin, and Xu, who are tied to North Korea’s Munitions Industry Department, were accused of working with Chapman to launder the illicit money back into North Korea.
The charges against Chapman serve as a warning for American companies and government agencies that employ remote IT workers. The crimes benefited the North Korean government by providing it with a revenue stream and potentially stealing proprietary information. Federal investigators discovered that since at least 2020, the IT group had been developing a remote-work scheme in U.S. companies that involved passing false identifying information to government agencies. The indictment revealed that the foreign workers created fictitious personas and online profiles to match job requirements and submitted fake documents to the Homeland Security Department as part of an employment eligibility check.
In March 2020, Chapman was contacted on LinkedIn by an individual seeking her to be the “U.S. face” of their company. From August 2022 to November of the same year, workers in North Korea allegedly stored relevant resumes and used an online background check system to target specific American citizens to steal their identities. Messages exchanged between Chapman and her co-conspirators discussed transferring the money earned from these fraudulent jobs. The charges against Chapman were announced alongside a criminal complaint filed against a Ukrainian individual accused of a similar scheme involving individuals in North Korea posing as remote IT workers.
Chapman was arrested in Phoenix on Thursday, and the State Department issued a memo offering a $5 million reward for information leading to the disruption of the scheme. The accused individuals are facing charges related to money laundering and fraudulent employment schemes benefiting the North Korean government. These cases highlight the importance of monitoring remote IT workers to prevent similar criminal activities and protect American companies and government agencies from exploitation.
