US Woman Jailed 8.5 Years for Running “Laptop Farm” That Enabled North Korean IT Spies to Infiltrate 300+ US Firms
An Arizona woman has been sentenced to eight and a half years in prison for operating a covert “laptop farm” from her home, which enabled North Korean IT operatives to impersonate American tech professionals and secure remote employment with major U.S. organizations. This elaborate scheme successfully deceived more than 300 entities—including Fortune 500 corporations, media networks, automotive giants, tech behemoths, and even U.S. government agencies. The total damage attributed to the criminal network is estimated at $17 million.
Fifty-year-old Kristina Mary Chapman pleaded guilty to three charges: conspiracy to commit fraud, aggravated identity theft, and money laundering. In addition to her nearly nine-year prison term, she will face three years of supervised release and the forfeiture of over $460,000—funds linked to payments intended for the North Korean hackers.
According to the U.S. Department of Justice, this case represents one of the largest exposed schemes facilitating the unlawful employment of North Korean IT specialists ever prosecuted in an American court. Personal data from 68 U.S. citizens was compromised, and 309 domestic companies, along with two international firms, were affected. The operation ran from October 2020 to October 2023. Throughout this period, Chapman provided her “colleagues” with internet-connected laptops physically located in her home, creating the illusion that the devices—and the workers—were based in the United States. On the surface, these operatives appeared to be ordinary Americans with domestic IP addresses, legitimate documentation, and polished resumes. In reality, it was a façade of rerouted traffic and meticulously crafted deception.
The laptops were used for remote work, task execution, and employer communications. But Chapman’s involvement went even further. She also shipped devices overseas—at least 49 laptops and supporting gadgets—to cities near the China–North Korea border, ostensibly as part of “technical support” efforts. During a raid on her home in late 2023, more than 90 devices were seized.
Notably, there were several attempts by these operatives to infiltrate U.S. government agencies—twice targeting one department, and once another. All efforts were thwarted thanks to rigorous internal verification procedures.
These imposters were paid as regular employees, with salaries issued under fictitious American identities and checks sent directly to Chapman’s home. A portion of the funds was deposited into her bank accounts, laundered through multiple steps, and ultimately funneled into North Korea. The Department of Justice emphasized that the laundered funds were likely used to support the DPRK’s military ambitions, including its nuclear weapons program.
This incident is far from isolated. According to data released by the Justice Department in December, similar schemes involving fake North Korean IT workers have cost U.S. businesses at least $88 million over the past six years. Experts warn that companies dismissing this threat may simply be unaware of the breach. Tech giants such as Google and Snowflake have publicly acknowledged the widespread nature of these infiltrations, noting the high likelihood of encountering a fraudulent remote worker.
As U.S. Attorney Jeanine Ferris Pirro remarked upon sentencing: “If it happened to the biggest American banks, car manufacturers, and tech corporations, make no mistake—it can happen to you.” She stressed that employers serve as the first line of defense against threats originating from North Korea. Meanwhile, the FBI has issued a dedicated advisory urging businesses to tighten document verification processes and, when feasible, conduct in-person meetings with new hires—even in remote roles.
