AttackFeed by Joe Wagner | Cybersecurity News from Across the Internet


American duo sentenced for hosting laptop farms for North Korean IT workers  – CyberScoop

Posted on May 7, 2026 by Greg Otto

Two U.S. nationals were sentenced to 18 months in prison for running laptop farms that facilitated North Korea’s expansive remote IT workers scheme, the Justice Department said Wednesday.

Matthew Isaac Knoot and Erick Ntekereze Prince both received and hosted laptops at their residences to dupe U.S. companies into thinking remote IT workers they hired were located in the country. The pair’s separate schemes impacted almost 70 U.S. companies and generated a combined $1.2 million in revenue for the North Korean regime.

“The FBI and our partners will continue to disrupt North Korea’s ability to circumvent sanctions and fund its totalitarian regime,” Brett Leatherman, lead of the FBI’s Cyber Division, said in a statement. “These cases should leave no doubt that Americans who choose to facilitate these schemes will be identified and held accountable. Hosting laptops for DPRK IT workers is a federal crime which directly impacts our national security, and these sentences should serve as a warning to anyone considering it.”

Knoot, of Nashville, Tennessee, and Prince, of New York, received the laptops from unsuspecting U.S. companies and installed remote desktop applications on the machines to enable co-conspirators to work from anywhere while appearing to be based at their respective residences.

Prince’s company Taggcar was contracted to supply IT workers to victim U.S. companies from June 2020 through August 2024. He pleaded guilty in November 2025 to wire fraud conspiracy for his yearslong involvement in the North Korean IT worker scheme. 

Prince was indicted and charged in January 2025 along with his alleged co-conspirators, who collectively obtained work for North Korean IT workers at 64 U.S. companies, earning nearly $950,000 in salary payments. 

A federal judge sentenced Prince Wednesday and ordered him to forfeit $89,000, which is the amount he netted personally. 

Knoot was arrested in August 2024, a year after the FBI searched his home. Officials said he made multiple false and misleading statements and destroyed evidence to obstruct the investigation at that time. 

Victim companies paid North Korean workers linked to Knoot’s laptop farm more than $250,000 from July 2022 to August 2023. The remote IT workers transferred those funds to Knoot and accounts associated with North Korean and Chinese nationals, officials said. 

Knoot was sentenced May 1 and ordered to pay $15,1000 in restitution to the victim companies and forfeit an additional $15,100, which is equivalent to the amount of his direct take from the scheme.

The pair of North Korean operatives join a growing list of people who have been charged and jailed for supporting the regime’s scheme that generates hundreds of millions of dollars annually for the country’s military and organizations involved in its weapons programs.

Authorities have been cracking down on the malicious insider activity by seizing cryptocurrency linked to the theft, and targeting U.S.-based facilitators who provided forged or stolen identities and hosted laptop farms for North Korean operatives. 

The countermeasures are stacking up, but the scheme is widespread and has infiltrated an undetermined number of businesses, including hundreds of Fortune 500 companies.

Federal judges previously sentenced other people to prison for their involvement in the scheme, including Kejia Wang and Zhenxing Wang; Audricus Phagnasay, Jason Salazar and Alexander Paul Travis; Oleksandr Didenko and Christina Chapman.

“These sentences hold accountable U.S. nationals who enabled North Korea’s illicit efforts to infiltrate U.S. networks and profit on the back of U.S. companies,” John A. Eisenberg, assistant attorney general for national security, said in a statement.

“These defendants helped North Korean ‘IT workers’ masquerade as legitimate employees, compromising U.S. corporate networks and helping generate revenue for a heavily sanctioned and rogue regime,” he added. “The National Security Division will continue to pursue those who, through deception and cyber-enabled fraud, threaten our national security.”

The post American duo sentenced for hosting laptop farms for North Korean IT workers appeared first on CyberScoop.
