Christina Marie Chapman, a 48-year-old resident of Litchfield Park, Arizona, pleaded guilty in a U.S. District Court on February 6, 2025, to conspiracy to commit wire fraud, aggravated identity theft, and conspiracy to launder monetary instruments. She was involved in a scheme that helped North Korean nationals collect paychecks from more than 300 U.S. companies. Chapman was arrested in May 2024 as part of a larger operation targeting North Korea’s efforts to infiltrate the U.S. workforce. Where the workers were placed in IT positions at various companies. Chapman’s involvement led to the theft of $17.1 million, most of which was sent back to North Korea.
From October 2020 to October 2023, Chapman ran a laptop farm at her residence.
This operation enabled North Korean workers, who were based in countries like China, Russia, and Laos, to appear as if they were working from the U.S. for companies that hired them through staffing agencies. Chapman also assisted in helping these workers acquire stolen identities of over 70 U.S. citizens, making their employment in the U.S. appear legitimate. The stolen identities were used to file false tax reports to the IRS and Social Security Administration.
Chapman’s actions directly benefited the North Korean regime’s Munitions Industry Department, which is responsible for the development of ballistic missiles, weapons production, and other key military programs. Her efforts allowed the North Korean workers to remotely connect to U.S. companies’ IT networks, including some Fortune 500 firms, and launder the proceeds from the fraudulent employment. Prosecutors are recommending a prison sentence of 7 to 9 years for Chapman, who will be sentenced on June 16, 2025.
The case is part of a broader crackdown on North Korean IT workers infiltrating U.S. companies under the “DPRK RevGen: Domestic Enabler” initiative. The Justice Department has continued to target individuals, including Chapman and others, for helping North Korean workers evade U.S. law enforcement and obtain high-paying IT jobs, which are sometimes used for illegal activities such as data extortion. The FBI has also reported a rise in extortion attempts from these workers, with some holding stolen data hostage to extract ransom payments from companies.
