According to federal prosecutors, an Arizona woman collaborated with individuals connected to the North Korean government in a conspiracy to secure remote telework positions at various United States-based companies. The indictment alleges that Christina Chapman joined forces with North Korean information technology specialists Jiho Han, Chunji Jin, and others as part of a scheme to acquire US citizen identities and secure remote employment using forged documents.
This elaborate and lucrative scheme reportedly involved exploiting the identities of over 60 US citizens, resulting in the accumulation of approximately $7 million. The funds, which are believed to have supported the North Korean government, were obtained from more than 300 unsuspecting US companies, including Fortune 500 enterprises such as a television network, a defense contractor, and an automobile manufacturer.
Investigators discovered a ‘laptop farm’ where Chapman allegedly utilized unlawfully acquired laptops to simulate her co-conspirators’ presence in the United States. This was part of a broader money laundering scheme. Chapman is accused of facilitating overseas workers’ access to remote US-based jobs through these laptops and collecting their paychecks at her residence.
US authorities believe that Han, Jin, and Xu are connected to the North Korean Munitions Industry Department, which is involved in ballistic missile and weapons production. A State Department memo offers a $5 million reward for information that disrupts this operation and claims that these individuals worked with Chapman to transfer the ill-gotten gains to North Korea.
The Justice Department’s Criminal Division head, Nicole M. Argentieri, emphasized the urgency for American companies and government entities employing remote IT workers to be vigilant. She stated, ‘These crimes profited the North Korean government, providing it with a revenue stream and, in some cases, proprietary information stolen by the co-conspirators.’
The investigation revealed that since at least 2020, the implicated IT group has been actively involved in remote-work fraud targeting US companies, leading them to submit falsified identification details to government entities. Chapman was reportedly contacted by an unidentified individual via LinkedIn in March 2020, who claimed to represent a company in the US. From August to November 2022, North Korean operatives allegedly began compiling resumes and leveraged online background check systems to steal American citizens’ identities.
