Arizona Woman Admits to Operating Laptop Farm for North Korean IT Workers .
A 48-year-old woman from Arizona, Christina Marie Chapman, has admitted to running a fraudulent scheme that helped North Korean hackers secure remote IT jobs at over 300 U.S. companies by pretending to be American citizens.
According to the U.S. Department of Justice (DoJ), Chapman worked with overseas IT workers from October 2020 to October 2023, using stolen identities of real U.S. citizens to apply for jobs. She also submitted fake documents to the Department of Homeland Security to make the scheme look legitimate.
Through this operation, Chapman and North Korea made over $17.1 million, violating international sanctions designed to cut off funding to the North Korean government.
These fake hires were placed in Fortune 500 companies and other U.S. businesses, often through staffing agencies and contracting firms. This case highlights a growing cybersecurity threat where state-backed hackers infiltrate companies through remote work scams.
The defendant, who was arrested in May 2024, has also been accused of running a laptop farm by hosting multiple laptops at her residence to give the impression that the North Korean workers were working from within the country, when, in reality, they were based in China and Russia and remotely connected to the companies' internal systems.
According to the U.S. Department of Justice (DoJ), Chapman set up a "laptop farm" at her home, running multiple laptops to make it appear as if the workers were based in the U.S.
The scheme compromised over 70 American identities, resulted in false tax records, and led to more than 100 instances of fake information being sent to the Department of Homeland Security.
Law enforcement agencies have intensified their crackdown on such operations. However, as scrutiny increases, North Korean IT workers have begun using more aggressive tactics, including data theft and extortion.
According to the FBI, when discovered, these hackers have held stolen company data hostage, demanding ransom payments. In some cases, they have leaked proprietary code from victim companies.
