U.S. citizen accused of conspiring with North Korean IT workers to infiltrate 300 U.S. companies and get remote tech jobs, feds say
Washington — An Arizona woman has been accused of conspiring with people tied to the North Korean government to illegally procure remote telework posts with U.S. companies, federal prosecutors said Thursday.
Christina Chapman allegedly worked with North Korean IT workers Jiho Han, Chunji Jin, Haoran Xu and others as part of a scheme to steal the identities of U.S. citizens and gain remote employment at American corporations using those false identities, charging documents said.
In all, Chapman and her co-conspirators allegedly used the identities of more than 60 individuals who lived in the U.S. to generate nearly $7 million for the North Korean government from more than 300 U.S. companies.
Prosecutors said some of the affected companies were Fortune 500 corporations, including a major TV network, a defense company and a car maker.
Investigators alleged Chapman even used laptop computers that were issued to her co-conspirators under false pretenses to make it appear as though they were actually located within the U.S. and later facilitated the laundering of their salaries. The government accused her of operating a "laptop farm" in an ultimately unsuccessful effort to get some of the workers hired by U.S. government agencies, including the Government Services Administration.
She is also accused of helping the overseas workers remotely connect to their U.S.-based jobs through the laptops and receiving paychecks for the workers at her home.
Han, Jin and Xu are tied to North Koreans Munitions Industry Department, according to a State Department memo offering $5 million for information leading to the disruption of the scheme. The department deals with ballistic missile and weapons production.
They are accused of working with Chapman in an effort to launder the illicit money back into North Korea.
Chapman was arrested in Phoenix on Thursday.
"The charges in this case should be a wakeup call for American companies and government agencies that employ remote IT workers. These crimes benefitted the North Korean government, giving it a revenue stream and, in some instances, proprietary information stolen by the co-conspirators," Nicole M. Argentieri, head of the Justice Department's Criminal Division, said in a statement.
Federal investigators said that since at least 2020, the IT group has been working to devise a remote-work scheme in U.S. companies that resulted in false identifying information being passed along to government agencies.
Prosecutors say that in March 2020, an unknown individual contacted Chaman on LinkedIn and asked her to "be the U.S. face" of their company. From August 2022 through November of last year, workers inside North Korea allegedly started storing relevant resumes. And they used an online background check system to target specific American citizens in an effort to steal their identities, the indictment said.
According to the indictment, the complex scheme required the foreign workers to develop "fictitious personas and online profiles to match the job requirements" and submit fake documents to the Homeland Security Department as part of "an employment eligibility check."
Messages show Chapman allegedly talking with her co-conspirators about transferring the money earned from these jobs.
The charges on Thursday were announced alongside a criminal complaint filed against a Ukrainian who is accused of a similar scheme in which he helped individuals in North Korea "market" themselves as remote IT workers.
