The Department of Justice (DOJ) announced on Wednesday the sentencing of two U.S. nationals in separate cases for their roles in facilitating a fraudulent remote information technology (IT) worker scheme that generated more than $1 million in revenue for North Korea.
Matthew Isaac Knoot from Nashville and Erick Ntekereze Prince from New York “received and hosted laptop computers at their residences that victim U.S. companies shipped to IT workers they had hired and who the victim companies believed were located at the defendants’ residences,” the DOJ said in a May 6 statement. However, these remote information technology (IT) workers were affiliated with the Democratic People’s Republic of Korea (DPRK).
“Knoot and Prince also installed remote desktop applications on laptops that enabled their co-conspirators to work from locations overseas while appearing to the victim companies to be working from the defendants’ residences. In total, the defendants’ separate fraudulent schemes generated more than $1.2 million in revenue for the DPRK and impacted nearly 70 victim companies in the United States.”
Over the past five months, eight such U.S.-based “laptop farmers,” including Knoot and Prince, have been sentenced as part of ongoing efforts by U.S. authorities to disrupt the illicit revenue generation activities of North Korea.
Earlier in July, the FBI issued a public service announcement alert, warning U.S. businesses that North Korea was seeking to generate “substantial revenue” by getting its IT workers fraudulently employed at American companies with disguised identities.
This is being done in collaboration with U.S.-based individuals, who provide U.S.-based internet connections to the workers, provide laptops located in the United States, set up financial accounts for the workers, and attend virtual meetings on behalf of the North Koreans.
“North Korean IT workers’ activities illegally violate U.S. and U.N. sanctions and threaten the security of the targeted companies,” the alert said.
According to a 2022 advisory from the U.S. Department of the Treasury and other agencies, the United Nations Security Council has passed resolutions highlighting that revenue generated by North Korea’s overseas workers contributes to the regime’s ballistic and nuclear weapons programs.
One of the resolutions prohibits UN member states from “providing new work authorizations, or renewing expired authorizations, for DPRK nationals in their jurisdictions” unless approved by a council committee.
“Individuals and entities engaged in or supporting DPRK IT worker-related activity, including processing related financial transactions, should be aware of the potential legal consequences of engaging in prohibited or sanctionable conduct,” the advisory said.
Laptop Farm Operations
According to the DOJ, Knoot ran a “laptop farm” from his residences in Nashville between roughly July 2022 and August 2023. The victim companies shipped laptops in the name of employee “Andrew M.” to Knoot’s residences, following which he logged into these laptops unauthorized, installed remote desktop applications, and accessed businesses’ networks.
The apps allowed a North Korean IT worker to work from several locations in China while appearing as Andrew M. to victim companies.
The victim companies paid more than $250,000, most of which was reported to the Internal Revenue Service and the Social Security Administration in the name of Andrew M., an actual U.S. citizen whose identity had been stolen.
On May 1, a district court sentenced Knoot to 18 months in jail, followed by a year of supervised release, and asked him to shell out more than $30,000 in fines.
Meanwhile, Prince enabled at least three North Korean IT workers to secure remote employment from U.S. companies between roughly June 2020 and August 2024, the DOJ said.
The laptops provided by the U.S. companies were housed in residences in New York, with the North Korean workers using remote access software installed on these laptops.
In this case, the victim companies paid more than $943,069 in salaries, most of which were sent to the overseas workers. On May 6, a district court judge sentenced Prince to 18 months in prison and three years of supervised release, and ordered him to forfeit $89,000.
“These sentences hold accountable U.S nationals who enabled North Korea’s illicit efforts to infiltrate U.S. networks and profit on the back of U.S. companies,” Assistant Attorney General for National Security John A. Eisenberg said.
“These defendants helped North Korean ‘IT workers’ masquerade as legitimate employees, compromising U.S. corporate networks and helping generate revenue for a heavily sanctioned and rogue regime,” he said. “The National Security Division will continue to pursue those who, through deception and cyber-enabled fraud, threaten our national security.”
IT Worker Fraud
U.S. authorities have taken action against multiple fraudulent employment cases involving North Korean IT workers.
On April 15, the DOJ announced the sentencing of two U.S. nationals for engaging in such a scheme that generated $5 million for the North Korean regime.
In November 2025, the DOJ said that four Americans and a Ukrainian pleaded guilty to being involved in a similar scheme.
According to an Oct. 22 report from the Multilateral Sanctions Monitoring Team, a mechanism tasked with monitoring actions that evade sanctions as outlined in U.N. Security Council Resolutions, almost all cybercrime, money laundering, and IT work operations from North Korea are conducted under the communist regime’s supervision.
These activities benefit entities such as the Workers’ Party of Korea, which has been subject to sanctions by the United Nations. The party is under the control of North Korean leader Kim Jong Un.
The DOJ’s Rewards for Justice program offers up to $5 million for any information that disrupts the financial mechanisms of people engaged in activities supporting North Korea, including worker schemes.
Specifically, the program “is seeking information on North Korean nationals who are sent outside of North Korea to work to generate money for the North Korean government, including information on companies and individuals who employ them or otherwise facilitate their activities outside of North Korea.”
Friends Read Free
Copy
Facebook
Tweet
