Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Tracking & Law Enforcement

Woman Accused of Helping North Korean IT Workers Infiltrate Hundreds of US Firms

The US government has announced charges, seizures, arrests and rewards as part of an effort to disrupt a scheme that generates revenue for North Korea.

North Korea

The US government has announced charges, seizures, arrests and rewards as part of an effort to disrupt a scheme in which North Korean IT workers infiltrated hundreds of companies and earned millions of dollars for North Korea.

According to the Justice Department, North Korea has dispatched thousands of skilled IT workers around the world. These workers stole the identities of people living in the United States and leveraged them to get jobs at more than 300 companies. This allowed them not only to earn significant amounts of money for North Korea, but also to obtain valuable access to information and networks.  

“By directing its IT workers to gain employment at Western companies, North Korea has weaponized its tech talent and created the ultimate insider threat,” Michael Barnhart, Mandiant Principal Analyst, Google Cloud, told SecurityWeek

“These operatives bypass sanctions by diverting their paychecks to help fund North Korea’s nuclear program. Simultaneously, they’re providing a foothold into major organizations for North Korea’s more advanced threat groups,” Barnhart added.

The Justice Department on Thursday announced charges against 49-year-old Christina Marie Chapman of Arizona over her alleged role in assisting North Korean IT workers with getting jobs in the United States between October 2020 and October 2023.

Chapman allegedly helped them pose as US persons, and ran a laptop farm at her residence to make it appear that the computers used by the North Koreans were logging in from the United States. Chapman is also accused of helping transfer the money generated by the scheme outside of the US. 

Authorities say the scheme helped North Korean IT workers get jobs at Fortune 500 companies, including a major TV network, a car manufacturer, a Silicon Valley tech firm, an aerospace manufacturer, a luxury retail store, and a media and entertainment company. The IT workers,  who earned at least $6.8 million, even attempted to obtain jobs at two US government agencies. 

The scheme is said to have involved more than 60 stolen identities, and in dozens of cases the fraudsters’ actions created false tax liabilities for the impacted individuals. 

Advertisement. Scroll to continue reading.

The US has seized funds related to the scheme from Chapman, who faces more than 97 years in prison.

In addition to Chapman, who was arrested in the United States, the law enforcement operation also resulted in the arrest of 27-year-old Ukrainian national Oleksandr Didenko in Poland. The US is seeking Didenko’s extradition. 

Didenko is accused of running a service that created accounts at US-based freelance IT job search platforms, as well as with money service transmitters, which could be used by overseas IT workers to pose as people based in the US and obtain jobs. 

Didenko, who is said to have created more than 871 such ‘proxy’ identities, faces up to 67 years in prison. Investigators found at least one connection between the services provided by Didenko and Chapman, and uncovered evidence that the Ukrainian had been aware that some of his customers were North Korean. 

The US State Department announced on Thursday that it’s offering rewards of up to $5 million for information related to the North Korean individuals who worked with Chapman. They used the aliases Jiho Han, Haoran Xu, Chunji Jin, and Zhonghua.

North Korea has been known to leverage cyberattacks and remote IT workers to evade sanctions and obtain funds for its weapons programs. 

Related: UN Experts Investigating 58 Suspected North Korean Cyberattacks Valued at About $3 Billion

Related: US Says North Korean Hackers Exploiting Weak DMARC Settings 

Related: South Korea Says Presumed North Korean Hackers Breached Personal Emails of Presidential Staffer

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders.

Register

People on the Move

Gabriel Agboruche has been named Executive Director of OT and Cybersecurity at Jacobs.

Data security startup Reco adds Merritt Baer as CISO

Chris Pashley has been named CISO at Advanced Research Projects Agency for Health (ARPA-H).

More People On The Move

Expert Insights