Arizona woman pleads guilty to running laptop farm for N. Korean IT workers, faces 9-year sentence

A U.S. citizen pleaded guilty Tuesday to playing a role in a wide-ranging scheme that allowed multiple North Korean nationals to collect paychecks from more than 300 U.S. companies.

Christina Marie Chapman, a 48-year-old resident of Litchfield Park, Arizona, pleaded guilty in a U.S. District Court to charges of conspiracy to commit wire fraud, aggravated identity theft and conspiracy to launder monetary instruments.

Chapman was arrested last May as part of a wider takedown of North Korea’s scheme to have hundreds of their citizens hired at unwitting U.S. companies in IT positions. The Department of Justice said Chapman helped her group of North Korean workers earn more than $17.1 million, most of which was sent back to North Korea’s government.

From October 2020 to October 2023, Chapman served several roles — helping the North Korean workers acquire stolen identities of more than 70 U.S. citizens and running a laptop farm at her home where companies would send corporate laptops after the workers had been hired. 

The laptop farm allowed it to look as though the North Koreans were working from the U.S. when many were working from China, Russia, Laos and other countries friendly to North Korea. 

The workers were typically hired through third-party staffing agencies or temporary contracting firms. 

The $17.1 million earned through the scheme was falsely reported to the IRS and Social Security Administration in the names of actual U.S. individuals whose identities had been stolen.

Chapman was initially charged alongside a 27-year-old Ukrainian, Oleksandr Didenko, for helping at least three workers who operated under the aliases Jiho Han, Chunji Jin and Haoran Xu. The three were hired as software and applications developers with companies in a range of sectors and industries.

Didenko was arrested in Poland last year and the U.S. is seeking his extradition. 

U.S. State Department officials said the three North Koreans assisted by Chapman and Didenko “are linked to the DPRK’s Munitions Industry Department, which oversees the development of the DPRK’s ballistic missiles, weapons production, and research and development programs.”

The department said the workers tried to get hired at two unnamed U.S. government agencies but failed three separate times. The Justice Department accused Chapman of transmitting “false documents to the Department of Homeland Security.” 

The North Koreans were able to gain employment at several Fortune 500 companies, including a “top-five major television network, a Silicon Valley technology company, an aerospace and defense company, an American car manufacturer, a luxury retail store, and a U.S.-hallmark media and entertainment company.”

Chapman enabled the workers to connect remotely to the U.S. companies’ IT networks on a daily basis and “helped launder the proceeds from the scheme by receiving, processing, and distributing paychecks from the U.S. firms to these IT workers and others.”

Prosecutors are suggesting a sentence between 7 and about 9 years in federal prison. Chapman will be sentenced on June 16. 

Chapman was one of several Americans charged as the FBI and other agencies seek to root out North Korean workers fraudulently obtaining employment at U.S. companies through its “DPRK RevGen: Domestic Enabler” Initiative.

Two weeks ago, two other Americans were charged with running schemes similar to Chapman’s.

Prosecutors have said North Korean IT workers “could individually earn more than $300,000 a year in some cases, and teams of IT workers could collectively earn more than $3 million annually.” Another indictment released in December said 14 North Koreans were able to earn $88 million over several years through IT salaries and extorting companies over stolen information. 

The FBI released an advisory last month confirming industry reports that as law enforcement scrutiny around the IT worker scheme has increased, more North Koreans are now attempting to extort companies.

“In recent months, in addition to data extortion, FBI has observed North Korean IT workers leveraging unlawful access to company networks to exfiltrate proprietary and sensitive data, facilitate cyber-criminal activities, and conduct revenue-generating activity on behalf of the regime,” the FBI said.

“After being discovered on company networks, North Korean IT workers have extorted victims by holding stolen proprietary data and code hostage until the companies meet ransom demands.”

Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.

 
