
US national arrested for operating a North Korean laptop farm

A 38-year-old man has been arrested and charged with running a scheme that led to the employment of North Korean hackers posing as IT workers.

David Hollingworth
Mon, 12 Aug 2024

The United States Department of Justice has revealed details of the successful dismantling of a laptop farm that was generating revenue for illicit North Korean weapons programs.

Matthew Isaac Knoot, 38, of Nashville, Tennessee, was charged on 8 August for running the laptop farm out of his own home.

The DOJ alleges Knoot was responsible for assisting North Korean threat actors to create false identities and obtain jobs as IT workers at companies in the US and Britain.

After the fake employees were hired to work remotely, the companies would send them laptops, and Knoot would install unauthorised remote access software to allow the North Korean IT workers to log on from locations in China while still appearing to be working from the US.

US Attorney Henry C. Leventis for the Middle District of Tennessee said that North Korea had dispatched thousands of such workers.

“North Korea has dispatched thousands of highly skilled information technology workers around the world to dupe unwitting businesses and evade international sanctions so that it can continue to fund its dangerous weapons program,” Leventis said in a DOJ statement.

“Today’s indictment, charging the defendant with facilitating a complex, multi-year scheme that funnelled hundreds of thousands of dollars to foreign actors, is the most recent example of our office’s commitment to protecting the United States’ national security interests.”

Assistant Director Bryan Vorndran of the FBI’s cyber division, which worked on the investigation, said the FBI would “relentlessly pursue those who aid the North Korean government’s illegal efforts to generate revenue”.

“Where illicit proceeds may be used to fund the regime’s kinetic capacity, we will prioritise our work to disrupt that flow of money,” Vorndran said.

“This indictment should demonstrate the risk faced by those who support the DPRK’s malicious cyber activity.”

Michael Barnhart of cyber security firm Mandiant’s North Korean threat hunting team said the problem is more widespread than most people realise.

“Based on the volume and scale of activity we’ve seen, North Korean IT workers are widespread in Fortune 500 companies, using their earnings to incentivise others to aid their operations,” Barnhart said.

“By neutralising these laptop farms and arresting the facilitators, it deals a significant blow to their operations and unravels months and months of time and energy put in by these North Korean threat actors.”

Knoot is charged with conspiracy to cause damage to protected computers, conspiracy to launder monetary instruments, conspiracy to commit wire fraud, intentional damage to protected computers, aggravated identity theft and conspiracy to cause the unlawful employment of aliens.

If convicted, the Tennessee man faces a maximum stretch of 20 years in prison, with a mandatory minimum of two years behind bars for the charge of aggravated identity theft.

Cyber security awareness firm KnowBe4 recently fell victim to such a scam in June of this year, accidentally hiring a North Korean hacker taking advantage of a local laptop farm.

Thankfully, the company discovered the scheme before any harm could be done.

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
