A Female American Citizen Accused of Aiding North Korean IT Workers in Cyber Schemes
The recent charges filed by the U.S. Justice Department against five individuals, including a U.S. citizen woman, a Ukrainian man, and three foreign nationals, have shed light on a complex cyber scheme that benefited North Korea’s nuclear weapons program. These individuals allegedly participated in a coordinated campaign by the North Korean government to infiltrate U.S. job markets through fraudulent means, aiming to generate profits for the North Korean regime and its illicit nuclear activities.
Among the accused are Christina Marie Chapman and Oleksandr Didenko, who were apprehended in Arizona and Poland, respectively. The Department of Justice is now seeking Didenko’s extradition to the United States. Chapman and Didenko face charges of conspiracy to defraud the U.S., aggravated identity theft, and multiple counts of fraud and money laundering. Additionally, three other foreign nationals, known only by their aliases, are facing charges of conspiracy to commit money laundering.
If convicted, Chapman could face up to 97.5 years in prison, while Didenko’s maximum penalty is 67.5 years. The unnamed foreign nationals could face a maximum of 20 years behind bars. According to Nicole M. Argentieri, the head of the Justice Department’s Criminal Division, Chapman and her associates engaged in fraudulent activities and used stolen identities of American citizens to enable foreign individuals to pose as domestic IT workers.
In a significant development, the U.S. State Department has announced a reward of up to $5 million for information related to Chapman’s co-conspirators, the North Korean IT workers implicated in the cyber scheme, and their supervisor known as Zhonghua.
Operation by North Korean IT Workers Through U.S. Computer Farms
The indictment reveals that Chapman provided housing for the North Korean IT workers’ computer systems in her residence, creating a “computer farm” to give the appearance that the devices were operating within the U.S. They were employed as remote software developers by several prominent U.S. corporations, including companies in the aerospace, defense, technology, and media sectors.
These individuals received substantial payments for their services, with Chapman handling their paychecks through her U.S. bank accounts. Didenko, on the other hand, operated a platform called UpWorkSell, which was seized by the DOJ, and facilitated the use of fake identities by North Koreans seeking remote IT positions.
Didenko’s activities included managing hundreds of proxy identities, providing proxy accounts for freelance IT platforms, and overseeing U.S.-based computer farms hosting numerous systems. The scheme compromised over 60 U.S. identities, impacted more than 300 American companies, and resulted in significant earnings for foreign IT workers.
The FBI has issued an advisory providing insights into how North Korean IT workers undermine the security of businesses that engage them, along with guidance on identifying and addressing these schemes. Additionally, joint advisories with international partners have been issued to warn about North Korean IT worker schemes, and sanctions have been imposed on organizations involved in these illicit activities.
