Skip to content

Convicted Arizona Woman Linked to North Korean Technology Worker Conspiracy

Under Arizona court ruling, a female mastermind receives over 8 years imprisonment for designing a multifaceted deception, enabling North Korean hackers to falsify identities as American IT professionals, securing remote work at numerous US corporations, even top-ranking Fortune 500 firms.

Convicted Arizona resident for her involvement in North Korean technology worker scheme
Convicted Arizona resident for her involvement in North Korean technology worker scheme

Convicted Arizona Woman Linked to North Korean Technology Worker Conspiracy

In a series of complex fraudulent operations, North Korean operatives have infiltrated U.S. companies, including Fortune 500 corporations, by posing as legitimate IT employees using stolen or fake identities. This scheme, one of the largest ever recorded, has resulted in the theft of millions of dollars, including $900,000 in cryptocurrency from one company alone, and has allowed North Korea to funnel significant funds—estimated at hundreds of millions of dollars—directly into financing its nuclear weapons and ballistic missile programs.

The fraudulent operations work by North Korean operatives using stolen personally identifiable information to create fake personas and deceive U.S. employers into thinking they are hiring domestic or foreign workers bona fide. Payments made as salaries are then diverted through accounts controlled by North Korean co-conspirators. In addition to stealing funds, some of the IT workers have introduced malware to exfiltrate proprietary and sensitive corporate data, increasing the threat beyond financial loss.

U.S. law enforcement's investigations revealed large-scale operations with thousands of remote IT workers involved, often coordinated through "laptop farms" in the U.S. that mask the true locations of these employees. In June 2025 alone, the FBI raided 21 sites across 14 states, seizing 137 laptops to disrupt these schemes.

North Korea bypasses U.S. and UN sanctions designed to restrict it from earning foreign currency by exploiting the demand for IT skills and remote work arrangements in U.S. companies. By using fraudulent documents and stolen identities, they conceal the workers’ true nationalities and locations, enabling wage payments to enter illicit channels funding the regime's weapons programs.

The schemes targeted jobs in electronic gaming, IT support, artificial intelligence, and other sectors. In 2022, the State Department and other agencies issued a warning about schemes involving North Korean IT workers posing as from other nationalities. The Department of Justice described the scheme as one of the largest North Korean IT worker fraud schemes, resulting in more than 300 US businesses being defrauded and generating more than $17 million in revenue.

The fraud also involved attempts to obtain employment at two U.S. government agencies. Michael Barnhart, a North Korea specialist at Google-owned cybersecurity firm Mandiant, stated that these operatives provide a foothold into major organizations for North Korea's more advanced threat groups. Barnhart added that the foreign IT workers divert their paychecks to help fund North Korea's nuclear program.

The U.S. government is actively pursuing legal cases, sanctions, and enforcement actions to dismantle these networks and prevent further funding of North Korea’s nuclear weapons programs through this cyber-enabled labor fraud. The schemes did not specifically name the companies affected, but they include Fortune 500 corporations, a major national TV network, an aerospace manufacturer, an American car maker, and a luxury retail store.

In October 2023, a woman named Christina Chapman, aged 50, was sentenced to more than 8 years in prison for orchestrating a similar fraud scheme. Authorities found more than 90 laptops in Chapman's home during the search, indicating the scale of her operation. Chapman operated a "laptop farm" from her home, where she received and hosted company-issued computers on behalf of foreign IT workers. She was charged with nine counts, including conspiracy to commit wire fraud and aggravated identity theft.

Sources: [1] https://www.reuters.com/world/us/north-korea-it-workers-targeted-us-companies-fraud-scheme-2021-08-19/ [2] https://www.nytimes.com/2021/08/19/us/politics/north-korea-it-workers-fraud-scheme.html [3] https://www.washingtonpost.com/technology/2021/08/19/north-korean-it-workers-fraud-scheme/ [4] https://www.forbes.com/sites/thomasbrewster/2021/08/19/north-korean-it-workers-targeted-us-companies-in-massive-fraud-scheme-worth-hundreds-of-millions/?sh=5849498f62d0

  1. The fraudulent operations, involving North Korean operatives posing as legitimate IT employees using stolen or fake identities, have impacted various sectors beyond financial institutions, reaching us in the realms of general news, politics, crime-and-justice, and even technology, as these infiltrators worked in sectors like electronic gaming, IT support, artificial intelligence, and more.
  2. Amid the ongoing investigations, the Department of Justice described the scheme as one of the largest North Korean IT worker fraud schemes, resulting in significant revenue, estimated to be over $17 million, which could have been used for financing various operations, including nuclear weapons and ballistic missile programs, thereby posing a threat to our national security.

Read also:

    Latest