A US citizen pleaded guilty on Tuesday for her involvement in a scheme that enabled several North Korean nationals to receive paychecks from over 300 US companies.

Christina Marie Chapman, a 48-year-old resident of Litchfield Park, Arizona, was arrested last May during a broader crackdown on North Korea’s operation to have hundreds of its citizens hired for IT positions at unsuspecting US companies.

According to the Department of Justice, Chapman assisted the group of North Korean workers in generating over $17.1 million, the majority of which was sent back to the North Korean government.

Chapman confessed in a federal courtroom in Washington, DC, to running a three-year identity fraud operation and pleaded guilty to wire fraud, identity theft, and money laundering in connection with the operation.

From October 2020 to October 2023, Chapman stole the identities of 70+ US citizens and used fabricated employment records to secure remote jobs for foreign IT workers at American companies. She also operated a laptop farm at her home, where companies sent corporate laptops after the workers had been hired.

The laptop farm made it appear as though the North Korean workers were based in the US when in reality, many of them were working from countries like China, Russia, Laos, and others with ties to North Korea. The workers were usually hired through third-party staffing agencies or temporary contracting firms.

The North Koreans managed to secure jobs at several Fortune 500 companies, including a top-five major television network, an American car manufacturer, a Silicon Valley tech firm, a luxury retail brand, an aerospace and defense contractor, and a prominent US media and entertainment company.

Chapman facilitated the workers’ daily remote access to the IT networks of US companies and “helped launder the proceeds from the scheme by receiving, processing, and distributing paychecks from the U.S. firms to these IT workers and others.”

Last month, the FBI issued an advisory confirming industry reports that more North Koreans are attempting to extort US companies.

“In recent months, in addition to data extortion, North Korean IT workers have used unlawful access to company networks to steal sensitive data, support cyber-criminal activities, and generate revenue for the regime,” the agency said. “After being discovered on company networks, North Korean IT workers have extorted victims by holding stolen proprietary data and code hostage until companies meet ransom demands.”