Christina Chapman, a 50-year-old woman from Arizona, ran a covert cyber operations hub from her suburban home, aiding North Korean operatives in infiltrating U.S. companies. Over three years, she facilitated the theft of over $17 million in salaries, with Chapman personally receiving at least $800,000 in ‘service fees.’
Chapman’s operation involved stealing real Americans’ identities to pose as remote IT workers, bypassing U.S. sanctions that block North Korean workers from legally working for American companies. She rigged up voice-changing software and used virtual private networks to disguise the North Koreans’ locations, enabling them to access U.S. company systems while appearing to operate from within the United States.
Eventually, the scheme began to unravel when investigators noticed odd patterns, such as dozens of remote hires listing the same Arizona address or company systems being accessed from countries the workers supposedly had never visited. Chapman was arrested and sentenced in July 2025 to 102 months in federal prison for her role in a national security threat.
The FBI described the scheme as a national security threat, emphasizing the growing risks of cyber infiltration by hostile regimes. Chapman, who dubbed her activities as ‘helping her friends,’ orchestrated an entire network of cybercriminals from the comfort of her home, demonstrating how physical location and digital crime can be manipulated to commit large-scale fraud.