Federal prosecutors have secured eight convictions in five months against Americans who helped North Korean IT workers infiltrate US companies.
Matthew Isaac Knoot of Nashville and Erick Ntekereze Prince of New York were sentenced in separate courts in May for their roles in running what authorities call laptop farms.
Both men received 18 months in prison. Prince was ordered to forfeit $89,000, the amount North Korean workers paid him for his participation, while Knoot was ordered to pay $15,100 in restitution to affected companies and forfeit an additional $15,100 representing his earnings from the scheme.
Together, the US Department of Justice (DOJ) said the two men generated $1.2 million in revenue for North Korea across nearly 70 US victim companies.
The mechanics of the scheme were straightforward. US companies would ship laptops to what they believed were new employees.
According to the DOJ, Knoot and Prince received those devices at their residences and installed remote desktop software on them, allowing North Korean IT workers overseas to operate the machines while appearing to log in from American addresses.
North Korea’s remote worker operations serve a dual purpose. They generate government revenue and target technical roles at companies, particularly in crypto, to gain access to internal systems, company assets and security infrastructure, paving way for workers to get access into company operations and identify systems that could later be exploited.
Meanwhile,in April, New Jersey residents identified as Kejia Wang and Zhenxing Wang received nine years and seven years and eight months in prison respectively for hosting laptop farms. Prosecutors had alleged that the scheme ran for multiple years, used the stolen identities of 80 Americans and funneled more than $5 million to the North Korean government.
In March, the US Treasury sanctioned six individuals and two entities connected to North Korean IT worker operations for helping move illicit earnings through digital assets. Authorities have said the schemes are still active.
In June last year, the US charged four North Korean nationals with stealing more than $900,000 in crypto after using fake identities to secure remote jobs at an Atlanta-based blockchain research and development company and a Serbian crypto firm.
