An American citizen, armed with nothing more than a laptop and a criminal disregard for her country, helped North Korea infiltrate hundreds of U.S. tech companies.
Story Snapshot
- A U.S.-based facilitator, Christina Chapman, enabled North Korean IT operatives to pose as remote workers in over 320 American companies, generating more than $17 million for the Pyongyang regime.
- The scheme exploited lax hiring practices and remote work trends, using sophisticated identity fraud and AI tools to bypass background checks and security protocols.
- North Korean operatives, often trained by the regime, targeted companies with high-value intellectual property, resulting in data theft, malware infections, and compliance risks.
- The Justice Department and FBI have escalated enforcement, with indictments and public warnings, but the threat continues to evolve and expand globally.
How the Scheme Worked
Christina Chapman operated a “laptop farm” in the United States, providing North Korean IT workers with the tools and infrastructure to pose as legitimate remote employees for American tech firms. These operatives used stolen or fabricated identities, reshipped devices to mask their locations, and set up financial accounts to funnel salaries back to North Korea. Chapman’s logistical support was critical to the operation’s success, allowing Pyongyang to circumvent international sanctions and directly profit from American payrolls.
The scheme capitalized on the post-pandemic surge in remote work and the tech industry’s hunger for skilled labor. Companies, eager to fill positions quickly, often relied on third-party contractors and performed minimal vetting—creating vulnerabilities that North Korean operatives exploited with increasing sophistication, including the use of AI and voice-changing software to impersonate candidates during interviews.
She helped North Korea infiltrate American tech companies https://t.co/ljR3zFBBy7 #FoxNews
— CallieBenson (@CallieforTrump) October 9, 2025
Scale and Impact
Over the past year alone, infiltrations have surged by 220%, with cybersecurity firms like CrowdStrike investigating nearly one incident per day. Mandiant reports that nearly every Fortune 500 company has been affected, and SentinelOne receives about 1,000 job applications linked to North Korean operatives each month. The financial impact is substantial: millions of dollars in illicit revenue have been funneled to North Korea, directly supporting its nuclear and missile programs.
Beyond the immediate financial losses, the infiltration has resulted in data breaches, intellectual property theft, and significant compliance risks for victim companies. Employees and customers have been exposed to potential identity theft and malware, while the broader tech sector faces eroded trust in remote hiring and mounting pressure for regulatory reforms. The FBI and Department of Justice have issued updated guidance and launched coordinated enforcement actions, but the threat continues to evolve, with North Korean operatives now targeting companies beyond the U.S. tech sector.
Watch: How North Korean operatives are infiltrating U.S. companies to fund weapons programs
National Security and Policy Implications
This case is a stark reminder of the national security risks posed by lax immigration, employment, and cybersecurity policies. The Trump administration, now back in office, has made border security and immigration enforcement a top priority, but the damage from years of neglect is evident in the scale and sophistication of this scheme.
The use of AI and advanced fraud techniques by North Korean operatives demonstrates that traditional security measures are no longer sufficient. Companies must adopt more rigorous hiring practices, and the federal government must provide clear guidance and support to protect American jobs, data, and national security. The infiltration of American tech companies by North Korean operatives—facilitated by a U.S. citizen—is a wake-up call for all who value national security, economic sovereignty, and the rule of law.
Sources:
Fortune: North Korean IT worker infiltrations exploded
FBI PSA: North Korean Remote IT Worker Threats
Microsoft Security Blog: North Korean Remote IT Workers’ Evolving Tactics
Wikipedia: North Korean remote worker scheme
Okta: North Korea’s IT Workers Expand Beyond US Big Tech
