Sophisticated Operation Uncovered: North Korean IT Workers Scam American Companies
US authorities have uncovered a sophisticated operation that tricked hundreds of American companies into unwittingly hiring North Korean IT workers. The scheme, which involved stolen identities and an American accomplice, allowed the rogue nation to funnel millions of dollars in violation of international sanctions.
US federal prosecutors unsealed charges against three North Korean nationals and a 49-year-old Arizona woman, Christina Chapman, who allegedly conspired to defraud over 300 US businesses across various sectors. Using the aliases Jiho Han, Chunji Jin, and Haoran Xu, the North Koreans posed as US citizens by using stolen identities validated by Chapman.
The scam, which began around 2020, saw North Korean workers gain remote employment in IT roles at unsuspecting companies, including well-known Fortune 500 firms in the media, technology, aerospace, and automotive industries. Chapman allegedly ran a “laptop farm” from her home, making it appear that the workers were operating within the United States.
Authorities believe the scheme compromised more than 60 Americans’ identities and generated at least $6.8 million in revenue for North Korea, with a significant portion of the workers linked to the country’s Munitions Industry Department, which is responsible for weapons development. In some instances, the workers may have also gained access to sensitive corporate information.
“The charges in this case should be a wakeup call for American companies and government agencies that employ remote IT workers,” warned Nicole Argentieri, head of the Justice Department’s Criminal Division. The FBI emphasized the grave national security implications, describing the operation as a “new high-tech campaign to evade US sanctions.”
Chapman, arrested in Arizona, faces nearly 100 years in prison if convicted on charges ranging from fraud to identity theft and money laundering. The three North Koreans remain at large, with the US offering a $5 million reward for information leading to the disruption of their network.
In a separate but related case, a Ukrainian national was charged with creating fraudulent accounts and identities used by some of the same North Korean operatives.