Key Points

  • An Arizona woman operated a home-based server network, enabling North Korean IT professionals to mask their true location as being within the United States.
  • More than 300 businesses across the U.S., including a prominent television network and an aerospace engineering company, were unknowingly compromised.
  • Authorities stated that the fraudulent activity helped finance North Korea’s weapons development programs and exposed cryptocurrency firms to potential security breaches.

An influencer from Arizona, known for her TikTok presence, received a significant prison term on Thursday for her role in assisting North Korean agents. These agents fraudulently secured remote IT positions at hundreds of American companies as part of an elaborate scheme designed to fund North Korea’s internationally sanctioned weapons program.

Christina Marie Chapman faced conviction in the District of Columbia on charges including conspiracy to commit wire fraud, aggravated identity theft, and conspiracy to launder money.

Her sentence includes 8.5 years of imprisonment, followed by three years of supervised release. She is also required to forfeit over $284,000 and provide restitution amounting to $176,850.

Roman Rozhavsky, the FBI’s Assistant Director for Counterintelligence, stated that “The North Korean government has been leveraging American citizens, businesses, and financial institutions to generate millions of dollars for the purposes of funding its illegal weapons program,” according to a public statement.

He added, “Even a sophisticated adversary such as North Korea cannot succeed without assistance from U.S. individuals, as demonstrated by Christina Chapman’s actions.”

This case highlights North Korea’s ongoing clandestine efforts to infiltrate foreign companies, particularly within the technology and cryptocurrency industries. U.S. officials report that North Korea has deployed thousands of highly skilled IT workers globally, who utilize fake identities to obtain remote employment, subsequently funneling earnings back to their government or enabling cyberattacks on target companies.

Cryptocurrency platforms are increasingly vulnerable, as these planted workers can identify security weaknesses and exploit them to compromise company crypto wallets. Chainalysis reports that North Korean hackers successfully stole $1.34 billion in cryptocurrency in 2024 alone, which is a 21% increase compared to the previous year.

Chapman, a freelance worker and social media influencer with a large following on TikTok, was initially contacted by North Korean agents through the professional networking site, LinkedIn.

Beginning around 2020, she facilitated North Korean operations by managing a “laptop farm” within her residence. This involved hosting computer equipment provided by companies, which allowed North Korean IT workers to remotely access the systems while simulating a U.S.-based location.

Law enforcement officials indicated she also shipped 49 different computer devices to locations abroad, including to a city in China located near North Korea. More than 90 laptop computers were confiscated from her residence.

The North Korean operatives utilized stolen or fabricated identities to earn millions of dollars, with payments being made via direct deposit or through forged payroll checks. Chapman aided in laundering these funds through her personal bank accounts before transferring them internationally. The income was fraudulently reported to both the IRS and the Social Security Administration under the names of legitimate U.S. citizens.

Over a period of years, Chapman assisted North Korean individuals in obtaining positions at over 300 U.S. organizations, including major Fortune 500 corporations, a prominent TV network, an aerospace manufacturing firm, and a Silicon Valley tech company.

Three North Korean nationals who were charged alongside Chapman remain at large.

North Korean agents employ numerous deceptive tactics to conceal their true identities, including the use of VPNs, impersonating individuals from other countries, and contracting other individuals to conduct the initial job interviews.

Fraser Edwards, who is the CEO and founder of Cheqd, a company headquartered in the UK, stated in an interview with Decrypt that his company had experienced several attempts at infiltration and had identified multiple warning signs that suggested North Korean involvement.

Edwards said that “Our CTO revisited some of the interview test recordings, and observed Korean characters visible when the supposed European candidate switched between different windows.”

“Another suspicious detail was that the IP addresses always connected through proxy servers, which indicated a deliberate attempt to hide their identities throughout the entire process.”

According to Edwards and other sources, North Korean agents are now utilizing European individuals to conduct preliminary interviews or screening calls, which makes detection increasingly difficult. Even when they are discovered, they quickly adopt new fake identities or submit new job applications.

