Justice Department Unveils Charges in North Korean IT Worker Fraud Scheme

The Justice Department reveals charges and actions to disrupt illicit revenue schemes involving North Korean IT workers.

The Justice Department has unsealed charges, seizures, and other court-authorized actions to disrupt the illicit revenue generation efforts of the Democratic People’s Republic of Korea (DPRK or North Korea). The charges involve an Arizona woman, a Ukrainian man, and three unidentified foreign nationals accused of placing overseas IT workers—posing as U.S. citizens and residents—in remote positions at U.S. companies.

According to court documents, DPRK deployed thousands of skilled IT workers globally, using stolen or borrowed U.S. identities to pose as domestic workers, infiltrate U.S. companies’ networks, and raise revenue for North Korea. Over 300 U.S. companies were defrauded using U.S. payment platforms, online job site accounts, proxy computers, and witting and unwitting U.S. entities. This case is the largest of its kind ever charged by the Justice Department.

Two criminal prosecutions by the U.S. Attorney’s Office for the District of Columbia, in partnership with the Computer Crime and Intellectual Property Section of the Justice Department’s Criminal Division, were unsealed. Two defendants have been arrested, and related seizures and search warrants have been executed in Washington, D.C., and other jurisdictions. Investigations led by the FBI Phoenix and New York Field Offices and IRS Criminal Investigation (IRS-CI) involved five other FBI field offices and four U.S. Attorneys’ Offices, resulting in arrests in the U.S. and Poland, execution of five search warrants, and seizure of illicit wages and a website domain.

Christina Marie Chapman, 49, of Litchfield Park, Arizona, was charged with assisting overseas IT workers posing as U.S. citizens and residents in remote IT positions at over 300 U.S. companies. Chapman was arrested in Arizona, and her residence was searched, revealing evidence of the scheme.

Three foreign nationals were also charged with money laundering related to the scheme. The department seized wages earned by more than 19 overseas IT workers and will seek forfeiture of the same.

Ukrainian national Oleksandr Didenko, 27, of Kyiv, was charged in a separate scheme involving fake accounts at U.S. IT job search platforms and money service transmitters. Didenko sold these accounts to overseas IT workers, some believed to be North Korean. Polish authorities arrested Didenko on May 7 at the U.S.’s request. His website domain, upworksell.com, was seized, and all traffic was redirected to the FBI.

The FBI executed search warrants on U.S.-based “laptop farms,” where U.S.-based facilitators allowed overseas IT workers to access U.S. company networks remotely, using U.S. IP addresses to appear as though they were operating within the U.S.

The U.S. Department of State announced a reward for information related to Chapman’s co-conspirators. The overseas IT workers associated with Chapman posed as U.S. citizens, using stolen, false, or borrowed identities, and applied for positions at major U.S. companies, including Fortune 500 companies.

Chapman faces multiple charges, including conspiracy to defraud the U.S. and conspiracy to commit wire fraud, bank fraud, identity theft, and money laundering. If convicted, she faces up to 97.5 years in prison. The John Doe defendants face up to 20 years in prison.

Didenko faces a maximum penalty of 67.5 years in prison if convicted. The FBI New York Field Office is investigating his case, with assistance from other FBI offices and U.S. Attorney’s Offices.

The FBI, along with the Departments of State and Treasury, issued advisories to alert the international community about the North Korea IT worker threat, with updated guidance issued in October 2023.

An indictment and a criminal complaint are merely allegations. All defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of law.

Source: Read Original Release

U.S. Charges Five in North Korean IT Scheme

U.S. authorities have charged an Arizona woman and four foreign nationals in a scheme where overseas IT workers, posing as U.S. citizens, infiltrated American companies to benefit North Korea‘s government and nuclear program.