Cyber Defense Advisors

Arrests made after North Koreans hired for remote tech jobs at US companies

Graham CLULEY

May 21, 2024

Promo Protect all your devices, without slowing them down. Free 30-day trial

US businesses are believed to have recruited thousands of North Korean IT workers, sending earnings (and potentially data) to North Korea.

This week, an American woman named Christina Marie Chapman was arrested in Arizona. She is accused of being part of an elaborate scheme that generated almost US $7 million in funds for North Korea, potentially to fund its weapons programme.

According to a Department of Justice indictment, 49-year-old Chapman used stolen identities of 60 Americans to help North Korean IT workers pose as US citizens and gain employment at over 300 US companies, including Fortune 500 companies, a major TV network, a defence company, a Silicon Valley tech firm, and an American car manufacturer.

Chapman is also accused of trying to procure employment at US government agencies.

Prosecutors allege that Chapman ran a “laptop farm” of company-provided PCs from her home, helping North Korean workers deceive employers that they were physically present in the United States. It is alleged that Chapman helped the workers remotely access the laptops, and received salaries on their behalf, charging them a monthly fee for her help.

A US citizen named Minh Phuong Vong from Maryland has also been charged alongside Chapman. Vong is accused of conspiring to commit wire fraud by securing jobs for North Korean IT workers under his own identity, outsourcing the work to them, keeping a portion of the salary, and sending the rest to North Korea.

In addition, a Ukrainian national, Oleksandr Didenko, was arrested in Poland and is facing extradition to the United States on identity fraud charges.  He is accused of running UpWorkSell, a website that allegedly helped North Korean IT workers use fake identities to get jobs at US-based firms.

“The charges in this case should be a wakeup call for American companies and government agencies that employ remote IT workers,” said Nicole Argentieri, head of the DOJ’s Criminal Division. “These crimes benefitted the North Korean government, giving it a revenue stream and, in some instances, proprietary information stolen by the co-conspirators.”

Last year, the FBI issued a warning to US companies to be wary of inadvertently hiring North Koreans to remotely work in their IT departments amid fears of data theft and hacking.

A further three North Korean citizens linked by the US authorities to the plot remain at large  – Jiho Han, Chunji Jin, and Haoran Xu. The US State Department says they all have connections to North Korea’s weapons and ballistic missile production programme.

Chapman faces nine counts of conspiracy to defraud the United States. The US State Department has offered a US $5 million reward for information leading to the disruption of the activities of the North Korean gang’s activities.