Arizona Woman Sentenced for Aiding North Korean Fake IT Worker Scheme That Defrauded 300+ US Companies

A U.S. woman has been sentenced to over eight years in federal prison for playing a central role in a sophisticated scheme that enabled North Korean IT operatives to infiltrate U.S. companies under false identities—defrauding hundreds of businesses and generating millions in illicit revenue.

Christina Marie Chapman, 50, from Litchfield Park, Arizona, pleaded guilty in early 2025 after federal authorities uncovered her involvement in operating a “laptop farm” that supported North Korean workers posing as legitimate U.S.-based IT professionals. The scheme ran between October 2020 and October 2023, affecting more than 300 U.S. companies across a wide range of sectors.

Aiding Foreign Operatives from Home

According to court records, Chapman helped North Korean nationals obtain remote IT work at U.S. organizations by:

• Using stolen identities of real Americans to submit job applications and onboard into company systems
• Hosting and operating a large number of laptops—sent by U.S. companies for supposed remote employees—from her home
• Forwarding 49 company-issued computers overseas, including to a Chinese city near the North Korean border

During a search of her property in October 2023, authorities recovered roughly 90 laptops, many still linked to U.S. corporate systems. The IT workers used these devices to carry out their assignments under false pretenses.

Significant Financial and National Security Implications

The investigation revealed that Chapman and her co-conspirators defrauded 309 U.S. companies, including an aerospace manufacturer, a media conglomerate, a car maker, and a luxury retailer. In total, the scheme generated more than $17.1 million in illicit income, much of which was funneled back to North Korea.

Chapman also personally benefited from the operation. She forged payroll checks and received direct deposits of wages into her own accounts—funds falsely attributed to unsuspecting U.S. citizens whose identities were used.

Her sentence includes:

• 102 months (8.5 years) in federal prison
• Three years of supervised release
• A forfeiture of $284,555
• A court-ordered restitution judgement of $176,850

A Broader Crackdown on North Korean Cyber Activities

This case is part of a larger effort by U.S. authorities to combat North Korea’s growing cyber and fraud operations. U.S. officials estimate that 3,000 North Korean IT workers operate abroad—with another 1,000 inside the country—collectively generating between $250 million and $600 million annually through deceptive or criminal means.

Following the disruption of 29 additional laptop farms across the U.S., the Departments of State, Justice, and the Treasury have jointly announced rewards of up to $15 million for information leading to the identification or capture of North Korean operatives involved in cybercrime, cryptocurrency theft, and IT fraud.

The highest reward—up to $7 million—is being offered for Sim Hyon-Sop, a key figure in several schemes. Additional bounties include:

• $3 million each for Myong Chol-Min and Kim Se-Un
• $500,000 each for Kim Yong-Bok, Kim Chol-Min, Ri Tong-Min, and Ri Won-Ho

These individuals are believed to have supported a range of illicit activities, from smuggling counterfeit goods to facilitating unauthorized IT access and laundering cryptocurrency.

What This Means for Businesses

This case underscores the critical importance of cybersecurity awareness, remote workforce vetting, and device management—especially as remote IT work becomes more common. Businesses of all sizes must remain vigilant against identity fraud, foreign infiltration, and supply chain vulnerabilities.

At Cyber Safe Business, we help our clients protect their operations with tailored cybersecurity strategies, compliance monitoring, and threat detection services. If your organization is unsure about the authenticity of remote contractors or needs to strengthen its endpoint management, our team is ready to assist.