District of Columbia | Arizona Girl Sentenced in $17M IT Employee Fraud Scheme That Illegally Generated Revenue for North Korea

            WASHINGTON – Christina Marie Chapman, 50, of Litchfield Park, Arizona, was sentenced in the present day in U.S. District Court to 102 months in jail for her function in a fraudulent scheme that assisted North Korean staff—posing as U.S. residents and residents—in acquiring and dealing in distant IT positions at greater than 300 U.S. firms. The scheme generated greater than $17 million in illicit income for herself and for the Democratic People’s Republic of Korea (DPRK or North Korea), introduced U.S. Attorney Jeanine Ferris Pirro and Acting Assistant Attorney General Matthew R. Galeotti of the Justice Department’s Criminal Division.

            Chapman pleaded responsible on Feb. 11, 2025, within the District of Columbia to conspiracy to commit wire fraud, aggravated id theft, and conspiracy to launder financial devices. In addition to the 102-month jail time period, U.S. District Court Judge Randolph D. Moss ordered Chapman to serve three years of supervised launch, to forfeit $284,555.92 that was to be paid to the North Koreans, and to pay a judgement of $176,850.

            The case concerned one of many largest North Korean IT employee fraud schemes charged by the Department of Justice, with 68 U.S. individual identities stolen and 309 U.S. companies and two worldwide companies defrauded.

            Joining within the announcement had been Federal Bureau of Investigation (FBI) Assistant Director Roman Rozhavsky of the FBI Counterintelligence Division, FBI Special Agent in Charge Heith R. Janke of the FBI Phoenix Field Office, and Internal Revenue Service Special Agent in Charge Carissa Messick for IRS Criminal Investigation’s Phoenix Field Office.

            U.S. Attorney Pirro famous her Office’s ongoing efforts to stem North Korean income technology.

            “North Korea is not just a threat to the homeland from afar. It is an enemy within. It is perpetrating fraud on American citizens, american companies, and American banks. It is a threat to Main Street in every sense of the word,” she mentioned. Pirro additional known as on company America to take motion.

            “The call is coming from inside the house. If this happened to these big banks, to these Fortune 500, brand name, quintessential American companies, it can or is happening at your company. Corporations failing to verify virtual employees pose a security risk for all. You are the first line of defense against the North Korean threat.”

            Said Acting Assistant Attorney General Galeotti: “The defendant’s role as a U.S.-based facilitator was critical to North Korea’s complex scheme to defraud American companies and steal the identities of American citizens. This multi-year plot highlights the unique threat that North Korea poses to U.S. companies who hire remote workers. The Criminal Division remains steadfast in its commitment to identify and prosecute individuals who facilitate these criminal schemes against U.S. companies.”

           “The North Korean regime has generated millions of dollars for its nuclear weapons program by victimizing American citizens, businesses, and financial institutions,” mentioned FBI Assistant Director Rozhavsky of the FBI’s Counterintelligence Division. “However, even an adversary as sophisticated as the North Korean government can’t succeed without the assistance of willing U.S. citizens like Christina Chapman, who was sentenced today for her role in an elaborate scheme to defraud more than 300 American companies by helping North Korean IT workers gain virtual employment and launder the money they earned. Today’s sentencing demonstrates that the FBI will work tirelessly with our partners to defend the homeland and hold those accountable who aid our adversaries.”

            According to court docket paperwork, North Korea has deployed hundreds of extremely expert IT staff around the globe, together with the United States, to acquire distant employment utilizing false, stolen, or borrowed identities of U.S. individuals. To circumvent controls employed by U.S. firms to stop hiring illicit abroad IT staff, the North Korean IT staff get hold of help from individuals residing within the U.S.

            Chapman, an American citizen, conspired and assisted the North Korean IT staff from October 2020 to October 2023.  Using stolen and bought identities of U.S. nationals, the North Korean IT staff utilized for distant IT jobs at U.S. firms and, in furtherance of the scheme, transmitted false paperwork to the Department of Homeland Security on a minimum of 100 events.

            Chapman and her coconspirators obtained jobs at 309 U.S. firms, together with Fortune 500 companies, usually by means of short-term staffing firms or different contracting organizations. The impacted firms included a top-five main tv community, a Silicon Valley know-how firm, an aerospace producer, an American automobile maker, a luxurious retail retailer, and a U.S media and leisure firm. The IT staff additionally tried to acquire employment and entry to data at two completely different U.S. authorities companies, though these efforts had been typically unsuccessful. Some of the businesses had been purposely focused by a gaggle of DPRK IT staff, who maintained a repository of postings for firms at which they needed to insert IT staff.

            Chapman operated a “laptop farm” the place she obtained and hosted computer systems from the U.S. firms her dwelling, in order that the businesses would imagine the employees had been within the United States. Chapman additionally shipped 49 laptops and different gadgets equipped by U.S. firms to places abroad, together with a number of shipments to a metropolis in China on the border with North Korea. More than 90 laptops had been seized from Chapman’s dwelling following the execution of a search warrant in October 2023.

Christina Chapman organized and saved U.S. firm laptops in her dwelling, and included notes figuring out the U.S. firm and id related to every laptop computer.

            Chapman and the North Korean IT staff netted greater than $17.1 million for his or her work. Much of the earnings was falsely reported to the IRS and Social Security Administration within the names of precise U.S. people whose identities had been stolen or borrowed. Additionally, Chapman obtained and cast payroll checks within the names of the stolen identities utilized by the IT staff and obtained IT staff’ wages by means of direct deposit from U.S. firms in her U.S. monetary accounts. Chapman additional transferred the proceeds from the scheme to people abroad.

            Said FBI Phoenix Special Agent in Charge Janke: “The sentencing today demonstrates the great lengths to which the North Korean government will go in its efforts and resources to fund its illicit activities. The FBI continues to pursue these threat actors to disrupt their network and hold those accountable wherever they may be.”

            “Today’s sentencing brings justice to the victims whose identities were stolen for this international fraud scheme,” mentioned Special Agent in Charge Carissa Messick of the IRS Criminal Investigation Phoenix Field Office. “The scheme was elaborate. If this sentencing proves anything, it’s that no amount of obfuscation will prevent IRS-CI and our law enforcement partners from tracking down those that wish to steal the identities of U.S. nationals, launder money, or engage in criminality that jeopardizes national security.”

            The conspiracy orchestrated an enormous and complex fraud scheme, on the expense of typically unknowing U.S. firms and individuals — producing a minimum of $17.1 million of income for North Korea. The coconspirators compromised the identities of 68 U.S. individuals, creating false tax liabilities for these victims; utilized for or obtained distant jobs at 309 U.S. firms and a pair of worldwide firms; and triggered false data to be conveyed to DHS on greater than 100 events.

            In 2024 a United Nations Panel of Experts report estimated that the know-how sector continues to be a key moneymaker for North Korea with an estimated 3,000 North Korean IT staff overseas and one other 1,000 extra working inside North Korea, producing $250 million to $600 million yearly.

            This case was investigated by the FBI Phoenix Field Office, and the IRS Criminal Investigation Phoenix Field Office. Assistance was offered by the FBI Chicago Field Office.

            Assistant U.S. Attorney Karen P. Seifert for the District of Columbia and Trial Attorney Ashley R. Pungello of the Criminal Division’s Computer Crime and Intellectual Property Section prosecuted the case, with help from Paralegal Specialist Jorge Casillas. Assistant U.S. Attorney Joshua Rothstein, the Victim Witness Unit, the U.S. Attorney’s Office for the District of Arizona, and the National Security Division’s National Security Cyber Section additionally offered help.

***

            In a coordinated effort, FBI Phoenix additionally issued guidance for HR professionals on detecting North Korean IT staff, and the Department of State issued steering[KS1]  on the North Korean IT employee menace.

            Prior steering was issued by the FBI, State Department, and the Department of the Treasury on this menace in a May 2022 advisory, and by the United States and the Republic of Korea (South Korea) in October 2023. The FBI issued up to date steering in May 2024 concerning the usage of U.S. individuals appearing as facilitators by offering a U.S.-based location for U.S. firms to ship gadgets and a U.S.-based web connection for entry to U.S. firm networks and in January 2025 regarding the extortion and theft of delicate firm knowledge by North Korean IT staff, together with really helpful mitigations.

24cr0220