Arizona woman arrested and charged in North Korean IT worker scheme

Christina Chapman facilitated remote work and financial transfers for North Koreans tied to that nation’s weapons development programs, according to the U.S. government.
In a photo taken on April 18, 2019, people stand before computer screens in a lobby of the Grand People's Study House in Pyongyang. (Photo by ED JONES/AFP via Getty Images)

An Arizona woman participated in a scheme to help North Korean information technology workers pose as U.S. citizens so they could apply for remote work positions at Americans companies, federal prosecutors said Thursday as they unsealed charges against the woman and several others. 

Prosecutors say that as part of the scheme, Christina Marie Chapman, 49, of Litchfield Park, Ariz., helped a Ukrainian national and three North Koreans compromise scores of Americans’ identities to facilitate remote work positions for IT workers, most of whom were tied to North Korea. The operation netted at least $6.8 million in revenue generated for the overseas workers, the U.S. Department of Justice said in a statement.

Chapman allegedly worked with Oleksandr Didenko, 27, of Kyiv, Ukraine, as part of the scheme. Didenko allegedly carried out a multi-year scheme to create accounts at U.S.-based freelance IT job search platforms and with U.S. money service transmitters in the name of false identities, the DOJ said in its statement. Those accounts were then sold to the overseas IT workers, who used the identities to apply for remote work positions.

Chapman was arrested May 15 in Arizona and faces up to 97.5 years in prison, according to the DOJ. Didenko faces up to 67.5 years for his role.


The U.S. government through the State Department’s Rewards for Justice program announced a reward of up to $5 million for information related to the effort and specifically three North Koreans with the aliases of Jiho Han, Chunji Jin and Haoran Xu, as well as their manager, Zhonghua.  

The North Koreans, if ever brought to the U.S., face a maximum penalty of 20 years in prison.

“These IT workers are linked to the DPRK’s Munitions Industry Department, which oversees the development of the DPRK’s ballistic missiles, weapons production, and research and development programs,” the State Department said in the reward announcement.

Chapman’s alleged role was to operate a “laptop farm,” where she hosted the overseas IT workers’ computers inside her home to make it appear as if the computers were located within the United States. She also allegedly received checks and direct deposits for the IT workers into her U.S. financial accounts. 

The workers managed to gain employment at various unnamed U.S. companies, according to the DOJ, “including a top-five major television network, a Silicon Valley technology company, an aerospace and defense company, an American car manufacturer, a luxury retail store, and a U.S.-hallmark media and entertainment company, all of which were Fortune 500 companies.”


North Korean IT workers with access to U.S. companies represent a dangerous insider threat, said Michael Barnhart, principal analyst with Mandiant focused on North Korean threats. 

“By directing its IT workers to gain employment at Western companies, North Korea has weaponized its tech talent and created the ultimate insider threat,” Barnhart said in a statement. “These operatives bypass sanctions by diverting their paychecks to help fund North Korea’s nuclear program.”

The workers are also “providing a foothold into major organizations for North Korea’s more advanced threat group,” he added, which can be leveraged for additional operations and attacks.

Latest Podcasts