The Department of Justice (DoJ) in the US filed charges on Thursday against a 38-year-old person from Nashville, Tennessee. The individual is accused of operating a “laptop farm” to aid North Koreans in obtaining remote positions with American and British organizations.
Matthew Isaac Knoot is facing allegations of engaging in a plot to harm protected computers, engaging in money laundering schemes, conspiring to commit wire fraud, deliberately damaging protected computers, aggravated identity theft, and participating in a scheme to unlawfully employ aliens.
If found guilty, Knoot could potentially be sentenced to a maximum of 20 years in prison, with a mandatory minimum of two years in prison for the aggravated identity theft charge.
The court filings suggest that Knoot was involved in a fraudulent activity, allowing North Korean operatives to secure jobs at IT firms in the UK and the US. It is believed that the funds generated through these activities are utilized to finance North Korea’s illicit weapons initiatives.
“Knoot aided them in assuming a stolen identity to impersonate a US citizen, harbored company laptops at his residences, downloaded and installed software on these laptops without authorization to enable access and sustain the deceit, and conspired to launder payments for the remote IT assignments, including to accounts linked to North Korean and Chinese individuals,” as per the DoJ’s statement.
The unsealed indictment unveils that the IT workers leveraged the stolen identity of a US citizen named “Andrew M.” to secure remote work, causing media, technology, and financial corporations significant financial losses running into hundreds of thousands of dollars.
Recent notifications from the US government have disclosed that these IT professionals, associated with the Workers’ Party of Korea’s Munitions Industry Department, are frequently deployed to other countries like China and Russia to work as freelance IT engineers, generating income for their home country, North Korea.
Between around July 2022 and August 2023, Knoot allegedly ran a laptop farm at his Nashville residences, where the affected companies dispatched laptops addressed to his residence under the name “Andrew M.” Knoot would then access these devices, install unauthorized remote desktop software, and penetrate the internal networks.
“The remote desktop software allowed the North Korean IT workers to operate from locations in China while giving the impression to the victim companies that ‘Andrew M.’ was working from Knoot’s residences in Nashville,” highlighted the DoJ.
“For his involvement in the scheme, Knoot received a monthly fee for his services from a foreign intermediary known as Yang Di. An authorized search of Knoot’s laptop farm was conducted in early August 2023.”
The overseas IT professionals are reported to have earned over $250,000 for their services during the mentioned timeframe, incurring costs exceeding $500,000 for companies to audit and rectify their devices, systems, and networks. Additionally, Knoot allegedly misrepresented the earnings to the IRS under the stolen identity.
Knoot is the second individual charged in the US in connection with the remote IT worker fraud scheme, following Christina Marie Chapman, 49, who was accused previously of operating a laptop farm by accommodating multiple laptops at her property in Arizona.
Recently, security training company KnowBe4 disclosed that they were deceived into hiring an IT professional from North Korea as a software developer, who utilized the identity of a US citizen and manipulated their image through artificial intelligence (AI).
This development coincides with the Rewards for Justice program initiated by the US State Department offering a reward of up to $10 million for information that leads to the identification or whereabouts of six individuals associated with the Iranian Islamic Revolutionary Guard Corps Cyber-Electronic Command (IRGC-CEC), who were sanctioned for targeting critical infrastructure entities in the US and other nations.
About Author
