Christina Chapman operated a covert hub from her Arizona home, facilitating North Korean operatives’ infiltration of U.S. companies, resulting in over $17 million in stolen salaries.
In a quiet neighborhood of Litchfield Park, Arizona, Christina Chapman, 50, ran a covert operation that enabled North Korean operatives to infiltrate American firms, amassing a staggering $17 million in stolen salaries.
This scenario is not a plot from a new Netflix series; it is a real-life case that unfolded just a short drive from Phoenix. Chapman appeared to be an ordinary suburban woman, but her home served as a secret cyber operations center aimed at assisting North Korean IT workers in acquiring equipment and tools for their military.
Due to international sanctions, North Korean workers cannot legally apply for jobs at major American companies like Google, Amazon, or Meta. Instead, they resort to stealing the identities of real Americans, including names, birth dates, and Social Security numbers. Using this stolen information, they impersonate remote IT workers, slipping into U.S. companies unnoticed.
However, when these companies send out laptops and phones to their new “remote hires,” the devices cannot be shipped to North Korea. Over three years, Chapman transformed her suburban residence into a covert hub for North Korea’s elite cybercriminals, receiving more than 100 laptops and smartphones from various U.S. companies.
These were not just any companies; they included major American banks, top-tier tech firms, and at least one U.S. government contractor, all of which believed they were hiring legitimate remote workers. Unbeknownst to them, they were onboarding North Korean operatives.
Upon receiving the equipment, Chapman connected the devices to virtual private networks (VPNs) and remote desktop tools like AnyDesk and Chrome Remote Desktop. She even employed voice-changing software to create the illusion that the North Koreans were logging in from within the United States.
Chapman also shipped 49 laptops and other devices supplied by U.S. companies to overseas locations, including multiple shipments to a city in China bordering North Korea. These fake employees participated in daily activities, submitting code, answering emails, and attending meetings, all while actually operating from halfway around the world. In reality, they were siphoning U.S. technology and cash directly into Kim Jong Un’s regime.
When human resources teams requested video verification, Chapman did not hesitate. She appeared on camera herself, sometimes in costume, impersonating the individuals listed on the resumes. She managed the entire operation like a talent agency for cybercriminals, staging fake job interviews, coaching operatives on their responses, and laundering their salaries through U.S. banks.
Chapman reportedly took home at least $800,000 in “service fees,” while the total amount stolen for North Korea exceeded $17 million, according to the FBI, which labeled the scheme a national security threat. Chapman referred to her actions as “helping her friends.”
Eventually, the elaborate scheme began to unravel. Investigators detected unusual patterns, such as numerous remote hires all linked to the same Arizona address and company systems being accessed from countries the workers had never visited.
Chapman was arrested and sentenced in July 2025 to 102 months in federal prison. The most astonishing aspect of this case? She orchestrated the entire operation from her living room, exemplifying a new era of remote work.
Source: Original article