Skip to content
Tech News
← Back to articles

Americans sentenced for running 'laptop farms' for North Korea

2026-05-07 | original
read original get North Korea Laptop Farm Kit → more articles
Why This Matters

This case highlights the ongoing threat of North Korean cyber-enabled schemes targeting U.S. companies, emphasizing the importance of robust cybersecurity and verification measures. The sentencing of U.S. nationals involved in facilitating these operations underscores the need for vigilance against illicit revenue streams that fund North Korea's regime. For consumers and businesses alike, it serves as a reminder of the evolving tactics used by malicious actors to infiltrate networks and exploit remote work vulnerabilities.

Key Takeaways

Two U.S. nationals were sentenced to 18 months in prison each for operating so-called laptop farms that helped North Korean IT workers fraudulently obtain remote employment at nearly 70 American companies.

Matthew Isaac Knoot and Erick Ntekereze Prince are the seventh and eighth U.S.-based "laptop farmers" sent to prison since the start of the year as part of a federal initiative targeting North Korea's illicit revenue generation schemes.

"These sentences hold accountable U.S nationals who enabled North Korea's illicit efforts to infiltrate U.S. networks and profit on the back of U.S. companies," said Assistant Attorney General John A. Eisenberg on Wednesday. "These defendants helped North Korean' IT workers' masquerade as legitimate employees, compromising U.S. corporate networks and helping generate revenue for a heavily sanctioned and rogue regime.

Knoot (who was arrested and charged in August 2024) ran a laptop farm from his Nashville residences between July 2022 and August 2023.

During the scheme, he received company-issued laptops addressed to a stolen identity ("Andrew M."), then installed unauthorized remote desktop software that allowed North Korean IT workers to appear as a legitimate U.S.-based employee.

Victim companies paid more than $250,000 to IT workers associated with Knoot's operation, with the payments falsely reported to the Social Security Administration and the Internal Revenue Service under stolen identities.

Prince (who pleaded guilty to wire-fraud conspiracy in November) enabled at least three North Korean IT workers to obtain remote employment at U.S. companies from approximately June 2020 through August 2024, operating through his company, Taggcar Inc. Victim companies paid the IT workers hired with the help of Prince more than $943,000 in salary, the majority of which was routed overseas.

Knoot also caused more than $500,000 in auditing and remediation costs at victim companies, while Prince's actions caused more than $1 million in remediation costs. In addition to their 18-month prison sentences, Knoot was ordered to pay $15,100 in restitution and forfeit an additional $15,100, and Prince was ordered to forfeit $89,000.

The FBI has been warning about North Korean IT workers infiltrating U.S. firms since at least 2023 and repeatedly noted that North Korea maintains a large army of thousands of IT workers using identity theft to secure employment at hundreds of American companies each year.

In April, U.S. nationals Kejia Wang and Zhenxing Wang were also sent to prison for helping North Korean remote information technology (IT) workers to pose as U.S. residents.

... continue reading

Explore topics: north korea laptop farms remote desktop software stolen identities u.s. companies
Related:
North Korea Provides Rare Response to Longstanding Crypto Crime Accusations
76% of All Crypto Stolen in 2026 Is Now in North Korea
Lost in translation: The linguistic challenges facing N. Korean defectors (2025)
Discord Sleuths Gained Unauthorized Access to Anthropic’s Mythos
North Korea's Lazarus Targets macOS Users via ClickFix

© 2026 GoKawiil

About | Editorial Policy | Contact