Justice Department Disrupts North Korean ‘Laptop Farm’ Operation

Law enforcement authorities in the U.S. have arrested a Tennessee man accused of running a “laptop farm” that helped North Korean IT workers secure remote jobs at American companies.

According to court documents, 38-year-old Matthew Isaac Knoot operated a scheme that assisted North Koreans posing as U.S.-based IT professionals by using the stolen identity of an American citizen.

The Justice Department said the companies, believing they were hiring a legitimate U.S. worker, shipped laptops to Knoot’s Nashville home. The agency accused Knoot of installing unauthorized software on the laptops, allowing the North Koreans to log in remotely from locations in China.

This is the second major arrest linked to North Koreans infiltrating American companies as remote IT workers. Earlier this year, the Justice Department charged Arizona resident Christina Marie Chapman with allegedly helping North Korean IT workers get jobs in the United States between October 2020 and October 2023.

Chapman allegedly helped them pose as US persons, and ran a laptop farm at her residence to make it appear that the computers used by the North Koreans were logging in from the United States. Chapman is also accused of helping transfer the money generated by the scheme outside of the US. 

Authorities say the ongoing schemes helped North Korean IT workers get jobs at Fortune 500 companies, including a major TV network, a car manufacturer, a Silicon Valley tech firm, an aerospace manufacturer, a luxury retail store, and a media and entertainment company. The IT workers, who earned at least $6.8 million, even attempted to obtain jobs at two US government agencies. 

The U.S. government believes North Korea has dispatched thousands of highly technical workers around the world to dupe unwitting businesses and evade international sanctions so that it can continue to fund its weapons program.

“Today’s indictment, charging the defendant with facilitating a complex, multi-year scheme that funneled hundreds of thousands of dollars to foreign actors, is the most recent example of our office’s commitment to protecting the United States’ national security interests,” said U.S. Attorney Henry C. Leventis.

If convicted, Knoot faces a maximum penalty of 20 years in prison, including a mandatory minimum of two years in prison on an aggravated identity theft count.

The latest arrest follows an admission by Florida security awareness training firm KnowBe4 that it was tricked into hiring a North Korean as a Principal Software Engineer and narrowly avoided a major security incident.

KnowBe4 said the North Korean operative spent the first 25 minutes on the job attempting to plant malware on a company workstation.

KnowBe4 said its security team detected suspicious activities coming from a newly hired Principal Software Engineer’s workstation and quickly determined the malicious insider was using a Raspberry Pi to download malware, manipulate session history files, and execute unauthorized software.

“We sent them their Mac workstation, and the moment it was received, it immediately started to load malware,” KnowBe4 chief executive Stu Sjouwerman said.

Written By

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.
