$17M Funneled to North Korea via Remote Workers

Hooded,Computer,Hacker,Stealing,Information,With,Laptop

U.S. Facilitator Indicted in North Korean Remote Worker Infiltration Scheme

Story Highlights

Christina Chapman, a U.S.-based facilitator, has been indicted for her role in enabling North Korean IT workers to pose as remote employees for over 300 American tech companies.
The scheme allegedly funneled over $17 million to North Korea, supporting its weapons programs and bypassing international sanctions.
The infiltration exposed U.S. companies to potential data theft and compliance violations, raising national security concerns.
Authorities and cybersecurity firms are increasing efforts to detect and mitigate these sophisticated operations, which have utilized AI and voice-changing software.

A U.S.-based individual has been indicted for allegedly facilitating a scheme that allowed North Korean operatives to infiltrate American technology companies by exploiting remote work vulnerabilities. The Justice Department announced coordinated actions in response to the operation, which reportedly funneled millions of dollars to North Korea’s weapons programs.

Arizona Woman Sentenced for $17M Information Technology Worker Fraud Scheme that Generated Revenue for North Korea https://t.co/6VzgUEFgbp @FBIPhoenix pic.twitter.com/M1cifZyEI5

— FBI (@FBI) July 24, 2025

Christina Chapman is accused of operating a “laptop farm” and providing logistical support, including identity obfuscation and device reshipment, to North Korean IT workers. These operatives allegedly posed as remote employees for over 320 companies in the past year, generating more than $17 million for the North Korean regime. This revenue is reported to directly support North Korea’s weapons development, circumventing international sanctions.

The infiltration has raised concerns regarding U.S. national security and data integrity. Companies unknowingly employing these operatives may have been exposed to risks such as data theft, compliance violations, and malware threats. The incident also highlights potential long-term implications for trust in remote hiring practices and the strengthening of North Korea’s cyber capabilities.

In response, the U.S. government is focusing on enforcing sanctions and enhancing detection efforts. Cybersecurity firms, including CrowdStrike and Microsoft, have reported an increase in sophisticated tactics used by these operatives, such as the deployment of AI for identity fraud and voice-changing software. CrowdStrike reportedly investigates approximately one such incident daily.

The U.S. Department of Justice has emphasized the need for a robust response to protect national security. The FBI has issued public warnings to businesses regarding the risks. The cybersecurity sector is experiencing increased demand for threat detection and mitigation services, as the threat is observed to extend to global targets beyond U.S. big tech. Experts underscore the importance of improved employee vetting and balancing remote work flexibility with security measures to counter evolving international cyber threats.

Watch the report: She Helped North Korea Infiltrate 300 U.S. Companies