CrowdStrike Flags 220% Jump in North Korean Job Ruses as US Issues First Jail Term

The United States has secured its first prison sentence tied to a widening scheme in which North Korean information-technology specialists pose as remote employees of Western companies. A federal judge handed Arizona resident Laura Chapman an eight-and-a-half-year term after she admitted hosting a “laptop farm” that made it appear the workers were connecting from the United States. Prosecutors said the ruse helped the operatives earn more than $17 million from Fortune 500 firms between 2020 and 2023; 90 corporate laptops were seized during the investigation. Chapman’s conviction comes as cybersecurity firm CrowdStrike reports a sharp escalation in the same tactic. In its 2025 Threat Hunting Report released Monday, the company said it investigated more than 320 incidents of North Korean operatives fraudulently securing remote IT jobs in the year to 30 June, a 220 percent jump from the prior period. The threat actors—labelled “Famous Chollima” by CrowdStrike—were detected not only in the United States but also in Europe and Latin America. According to CrowdStrike, the operatives rely on generative artificial-intelligence tools to craft résumés, create deepfaked identities and even answer technical interview questions, allowing them to work simultaneously for multiple employers. US authorities have warned that the salaries and intellectual property siphoned from unwitting firms are channelled toward Pyongyang’s sanctioned weapons programmes. Investigators say tighter identity-verification checks during hiring and closer monitoring of remote access points are needed to stem the growing insider threat.