Arizona woman gets 8 years for helping North Korea-linked threat actors to infiltrate 309 U.S. firms with fake IT jobs.
Christina Marie Chapman (50), from Arizona, was sentenced to 102 months in prison for aiding North Korean IT workers in infiltrating 309 U.S. companies. She pleaded guilty to charges including aggravated identity theft, conspiracy to defraud the U.S., and conspiracy to commit money laundering, wire fraud, identity fraud, and bank fraud. Chapman was charged in May 2024 alongside Ukrainian national Oleksandr Didenko, as part of a broader scheme involving fraudulent access to U.S. companies through fake IT job placements.
In May 2024, the FBI issued an advisory warning the public and private sectors of the threat posed to U.S. businesses by Information Technology (IT) workers from the Democratic People’s Republic of Korea (North Korea).
In May 2024, the Justice Department unsealed charges against Chapman, a Ukrainian man, and three unidentified foreign nationals accused of aiding overseas IT workers who, pretending to be U.S. citizens, infiltrated hundreds of firms in remote IT positions. North Korea used this scheme to dispatch thousands of skilled IT workers globally, using stolen U.S. identities to infiltrate companies and raise revenue. The schemes defrauded over 300 U.S. companies, utilizing U.S. payment platforms, online job sites, and proxy computers. According to the DoJ, this is the largest scheme of this kind ever charged by U.S. authorities.
The operations coordinated by the North Korean government took place between October 2020 and October 2023. Intelligence experts speculate the campaign was aimed at financing the government’s illicit nuclear program.
The defendant Christina Marie Chapman was arrested in May in Litchfield Park, Arizona, while Oleksandr Didenko was arrested in Poland a few days before.
Didenko ran a multi-year scheme creating accounts on U.S.-based freelance IT job platforms and money service transmitters using false identities, including those of U.S. persons. He then sold these accounts to overseas IT workers. He was the administrator of a website called upworksell.com, which was used to advertise these services along with credit card and SIM card rentals. The investigation revealed that Didenko managed about 871 proxy identities and provided accounts for three freelance IT platforms and three U.S.-based money service transmitters. He facilitated at least three U.S.-based laptop farms, hosting around 79 computers, and received or sent $920,000 since July 2018. He admitted to assisting North Korean IT workers and was interconnected with other cells within the DPRK IT worker network. If convicted, Didenko faces up to 67.5 years in prison, including a mandatory minimum of two years for aggravated identity theft.
“Chapman, an American citizen, conspired and assisted the North Korean IT workers from October 2020 to October 2023. Using stolen and purchased identities of U.S. nationals, the North Korean IT workers applied for remote IT jobs at U.S. companies and, in furtherance of the scheme, transmitted false documents to the Department of Homeland Security on at least 100 occasions,” reads the press release published by the DoJ.
“Chapman and her coconspirators obtained jobs at 309 U.S. companies, including Fortune 500 corporations, often through temporary staffing companies or other contracting organizations. The impacted companies included a top-five major television network, a Silicon Valley technology company, an aerospace manufacturer, an American car maker, a luxury retail store, and a U.S. media and entertainment company. The IT workers also attempted to obtain employment and access to information at two different U.S. government agencies, although these efforts were generally unsuccessful. Some of the companies were purposely targeted by a group of DPRK IT workers, who maintained a repository of postings for companies at which they wanted to insert IT workers.”
Christina Chapman ran a “laptop farm” from her home, hosting devices from U.S. companies to help North Korean IT workers pose as U.S.-based. She shipped 49 devices abroad, including to a Chinese city near North Korea. Over 90 laptops were seized from her home. Chapman helped earn over $17.1M through the scheme, using stolen identities to report fake income and cash forged checks. She also funneled wages and proceeds to overseas recipients.

“The conspiracy orchestrated a vast and sophisticated fraud scheme, at the expense of generally unknowing U.S. companies and persons — generating at least $17.1 million of revenue for North Korea. The coconspirators compromised the identities of 68 U.S. persons, creating false tax liabilities for these victims; applied for or obtained remote jobs at 309 U.S. companies and 2 international companies; and caused false information to be conveyed to DHS on more than 100 occasions,” concludes the DoJ. “In 2024 a United Nations Panel of Experts report estimated that the technology sector continues to be a key moneymaker for North Korea with an estimated 3,000 North Korean IT workers abroad and another 1,000 more operating inside North Korea, generating $250 million to $600 million annually.”
Pierluigi Paganini
(SecurityAffairs – hacking, North Korea)