Laptop Farms and North Korean IT Operations: How They’re Connected
Work News | New Stardom
Photo by Arif Riyanto
The term “laptop farm”, until recently confined to cybersecurity circles, is emerging in U.S. investigations into how North Korea allegedly bypasses sanctions to earn foreign currency. Recent prosecutions suggest these operations exploit the rise of remote work, using stolen identities and distributed tech setups to secure employment at Western companies.
Earlier New Stardom reporting examined how laptop farms enable remote work fraud and cyber espionage, detailing their role as physical clusters of U.S.-based computers used to mask foreign workers’ locations.
This summer’s most prominent case involves Christine Chapman, a U.S. woman sentenced to more than eight years in prison for helping North Korean IT workers pose as American employees. Court filings reviewed by the U.S. Department of Justice, and reported by outlets including The Guardian, describe Chapman’s role in managing 90 laptops across multiple U.S. states, routing paychecks to operatives abroad and helping them pass as American employees. Prosecutors say the scheme generated millions of dollars, some of it allegedly funneled toward North Korea’s weapons program.
A 2024 UN report estimated these covert IT operations generate up to $600 million annually for North Korea, a figure echoed in first-hand accounts like those described in BBC reporting on defectors, where former workers detailed using hundreds of fake identities to secure remote jobs abroad and send most of their earnings back to the regime.
Investigators describe a pattern: foreign workers create fictitious personas, apply for remote jobs through U.S. staffing agencies, and rely on intermediaries to receive hardware, validate stolen identities, and forward payments. By mimicking U.S.-based employees, they gain access to roles at Fortune 500 companies, including tech and media firms.
This investigation follows earlier indictments of North Korean operatives infiltrating more than 100 U.S. tech firms using fake identities, a scheme that similarly relied on distributed laptop setups.
The trend accelerated during the pandemic, when remote hiring expanded and verification processes loosened. “Companies quickly realized they could hire talent from anywhere,” said Benjamin Racenberg, a senior intelligence manager at cybersecurity firm Nisos. “Fraudsters realized the same thing.”
Beyond Chapman’s case, U.S. authorities have charged additional individuals this year for similar schemes. A separate indictment in January detailed a network involving North Korean, U.S., and Mexican citizens that secured jobs at more than 60 U.S. companies, generating over $800,000 in revenue.
Experts, including analysts at cybersecurity firm Nisos, warn the problem is difficult to contain. Unlike high‑profile hacking groups, these IT workers operate through conventional recruitment channels, blending into legitimate workflows.
The implications reach beyond cybersecurity. As remote work remains embedded in corporate hiring strategies, questions are growing about how companies verify workers, secure distributed devices, and detect fraud without undermining flexibility. Court filings reviewed by the U.S. Department of Justice have also renewed debate over how labor market shifts intersect with sanctions enforcement and national security.
Read Next
Government Employment in the Netherlands Reaches 1.1 Million FTEs in 2024
Follow global work and job trends. Subscribe to The Monthly Work Roundup newsletter.
Have insights on work and the future of work? Submit an opinion piece to New Stardom. Love work and career books? Explore our fun workplace book collection.
New Stardom is an independent magazine covering the Future of Work, AI, and emerging job trends.
