North Koreans worked remotely for American companies, US says

The US separately issued sanctions against 5 Russian entities for transferring weapons from Pyongyang.

Washington

The United States on Thursday charged an American citizen, a Ukrainian citizen and three North Koreans with fraud over an elaborate scam that used identity theft to trick businesses into remotely hiring North Korean IT workers.

An unsealed indictment from the Department of Justice alleged that the group stole the identities of more than 60 Americans between 2020 and 2023 to secure telework jobs for North Koreans at U.S. companies. The scheme allegedly raised nearly $7 million for Pyongyang.

The indictment says 49-year-old Christina Marie Chapman of Litchfield Park, Arizona, facilitated the scheme to help the North Koreans secure remote jobs, in some cases receiving laptops on their behalf and helping them connect to their employers’ IT networks.

Chapman “engaged in a scheme that compromised more than 60 identities of U.S. persons, impacted more than 300 U.S. companies, … created false tax liabilities for more than 35 U.S. persons, and resulted in at least $6.8 million of revenue to be generated for the overseas IT workers,” the unsealed indictment alleges.

She was charged with a series of criminal offenses including conspiracy to defraud the United States, to commit wire fraud and bank fraud, aggravated identity theft and money laundering, it says.

A ‘wakeup call’

The Ukrainian national, 27-year-old Oleksandr Didenko of Kyiv, allegedly ran an online service called “UpWorkSell,” through which he sold false identities of real U.S. citizens that the North Korean workers used to secure jobs with “unsuspecting companies” in America.

Didenko “knew that some of his customers were North Korean,” according to a press release from the Department of Justice, which also said Didenko was already apprehended by U.S. authorities.

The three North Koreans are named as Jiho Han, Haoran Xu and Chunji Jin, but the indictment says the names are likely aliases. They were allegedly supervised by a fourth man named Zhonghua.

The indictments “should be a wakeup call for American companies and government agencies that employ remote IT workers,” especially since the North Korean workers likely stole proprietary information from their employers, said U.S. Assistant Attorney General Nicole Argentieri.

Akil Davis, the special agent in charge of the FBI’s office in Phoenix, added that the indictment showed Pyongyang’s shifting strategy.

“That a woman living her quiet life in the outskirts of Phoenix can allegedly get so entangled in something like this clearly indicates our adversaries are getting more sophisticated and stealthier,” he said.

North Korean weapons

The State Department issued a reward of up to $5 million for information leading to the capture of the North Koreans accused of taking part in the remote work scheme, and said they were raising funds specifically for North Korea's weapons programs.

The workers “are linked to the DPRK’s Munitions Industry Department, which oversees the development of the DPRK’s ballistic missiles, weapons production, and research and development programs,” it said, using an acronym for the official name of the North Korean state.

The United States on Thursday also issued sanctions against five Russian entities accused of facilitating weapons transfers from North Korea to Russia amid Moscow and Pyongyang's burgeoning military alliance as Russia looks for support in its war in Ukraine.

“Russia has already used upwards of 40 DPRK-produced ballistic missiles against Ukraine, as well as munitions,” the State Department said, calling the transfers “a wide-ranging threat to global security” and a “direct contravention” of U.N. Security Council resolutions.

“Russia has increasingly relied upon the DPRK for munitions to wage its war on Ukraine and has fired dozens of DPRK-supplied ballistic missiles against targets in Ukraine,” the statement said, adding that the sanctions “highlight our opposition to continued arms transfers.”