Christina Chapman, a 49-year-old Arizona woman, was sentenced to more than eight years in federal prison this week for operating a complex scheme that secretly funneled over $17 million to North Korea between 2020 and 2023. The scheme, according to U.S. prosecutors, enabled North Korean IT workers to infiltrate hundreds of U.S. companies—many of them Fortune 500 firms—using stolen American identities.

At the center of the operation was Chapman’s suburban home, where she maintained what authorities described as a “laptop farm.” Dozens of company-issued computers—some mailed directly by employers who believed they were onboarding legitimate American workers—were housed in her residence. From there, North Korean IT contractors, posing as U.S.-based remote employees, were able to access sensitive American networks from locations in China, Russia, and elsewhere.

The Justice Department said Chapman knowingly conspired with North Korean agents to deceive more than 300 U.S. businesses, allowing them to plant workers under false pretenses. In many cases, the companies believed they had hired vetted U.S. citizens—often congratulating them for their performance—while in reality, their payrolls were funding one of the world’s most aggressive weapons regimes.

The workers were paid as much as $5,000 per week, and their wages were laundered through financial accounts connected to Chapman, then routed to the North Korean government. Prosecutors say the stolen funds directly supported the country’s nuclear weapons program, in defiance of U.S. and U.N. sanctions.

Officials noted that Chapman not only managed the equipment but also helped disguise the scheme from financial institutions by facilitating false paperwork and hiding the identities of the workers. She used the stolen identities of at least 68 American citizens, many of whom were unaware their information had been compromised until the IRS hit them with unexpected tax liabilities.

In a statement following the sentencing, the FBI called the operation one of the most significant identity fraud cases ever prosecuted in the U.S., and warned that similar efforts may still be ongoing. “Christina Chapman’s laptop farm alone generated $17 million and victimized hundreds of U.S. companies,” one official said. “We believe there are thousands of other North Korean IT workers doing this as we speak.”

One of the companies unknowingly involved was Nike, which submitted a letter to the court stating that the scheme was a profound betrayal of trust and a national security concern, despite no internal breach having occurred.

Chapman pleaded guilty and admitted she knew the workers were tied to North Korea. Authorities sentenced her to 102 months in prison. Prosecutors say her conviction is a warning to companies and individuals alike: the threat isn’t just abroad—it may already be inside your network.