An Arizona woman who created a "laptop farm" in her home to help fake IT workers pose as US-based employees has pleaded guilty in a scheme that generated over $17 million for herself... and North Korea.

Christina Marie Chapman pleaded guilty to conspiracy to commit wire fraud, aggravated identity theft, and conspiracy to launder monetary instruments in a US District Court on Tuesday.

She is scheduled to be sentenced on June 16, and under the terms of her plea deal, all parties will recommend the court put her behind bars for between 94 and 111 months. Chapman was [1]arrested in May.

[2]

According to [3]court documents , Chapman ran a laptop farm out of her home from October 2020 to October 2023. During this time she hosted computers for overseas IT workers — who were posing as American citizens and residents — to ensure the devices had local IP addresses, making them appear to be in the US.

[4]

[5]

Chapman also helped the foreign fraudsters steal the identities of more than 70 US nationals, then use those identities to apply for remote IT jobs, according to the Feds.

Those who successfully obtained employment as part of the scam then received payroll checks at Chapman's home with direct deposits sent to her US bank accounts before ultimately being laundered and funneled to North Korea, and then potentially contributing to the DPRK's [6]weapons programs , the court document says.

[7]

It's unclear how much of the ill-gotten gains Chapman pocketed, but according to the Justice Department, Chapman's overseas IT workers received [8]more than $17.1 million for their work. Much of the income was falsely reported to the IRS and Social Security Administration in the names of real US individuals whose identities had been stolen.

[9]Three cuffed for 'helping North Koreans' secure remote IT jobs in America

[10]I'm a security expert, and I almost fell for a North Korea-style deepfake job applicant …Twice

[11]North Korean dev who renamed himself 'Bane' accused of IT worker fraud caper

[12]North Koreans clone open source projects to plant backdoors, steal credentials

Some of the overseas workers were hired at Fortune 500 companies, including a top-five television network, a premier Silicon Valley technology company, an aerospace and defense manufacturer, an American car manufacturer, a luxury retail chain, and a US-hallmark media and entertainment company.

The Norks specifically targeted some of these companies, likely for their sensitive IP and other valuable data in addition to providing a paycheck, and even "maintained postings for companies at which they wanted to insert IT workers," according to the DOJ.

In total, more than 300 US companies were scammed, and more than 70 people had false tax liabilities created in their name. Additionally, phony documents were submitted to the Department of Homeland Security on more than 100 occasions.

These types of scams have netted Pyongyang at least [13]$88 million over six years. Earlier this week, The Register interviewed someone who was [14]twice targeted . In both cases, the fraudsters used AI-based tools during video interviews with — wait for it — a security startup using AI to find vulnerabilities. ®

Get our [15]Tech Resources



[1] https://www.theregister.com/2024/05/17/three_arrested_for_helping_north_korea/

[2] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2Z60oDxeb0I4Tip_FruB54QAAAAs&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0

[3] https://www.justice.gov/archives/usao-dc/media/1352191/dl

[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Z60oDxeb0I4Tip_FruB54QAAAAs&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0

[5] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33Z60oDxeb0I4Tip_FruB54QAAAAs&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0

[6] https://www.theregister.com/2024/10/08/us_lazarus_group_crypto_seizure/

[7] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Z60oDxeb0I4Tip_FruB54QAAAAs&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0

[8] https://www.justice.gov/usao-dc/pr/arizona-woman-pleads-guilty-fraud-scheme-illegally-generated-17-million-revenue-north

[9] https://www.theregister.com/2024/05/17/three_arrested_for_helping_north_korea/

[10] https://www.theregister.com/2025/02/11/it_worker_scam/

[11] https://www.theregister.com/2025/01/24/north_korean_devs_and_their/

[12] https://www.theregister.com/2025/01/29/lazarus_groups_supply_chain_attack/

[13] https://www.theregister.com/2024/12/13/doj_dpkr_fake_tech_worker_indictment/

[14] https://www.theregister.com/2025/02/11/it_worker_scam/

[15] https://whitepapers.theregister.com/