The US Department of Justice (DoJ) on Thursday indicted a 38-year-old Nashville, Tennessee man for allegedly running a “laptop farm” to help North Koreans get remote jobs at US and British companies.
Matthew Isaac Noth is charged with conspiracy to damage a protected computer, conspiracy to launder money, conspiracy to defraud, willful damage to a protected computer, identity theft and conspiracy to illegally recruit aliens.
If convicted, Knuth faces a maximum sentence of 20 years in prison, with a mandatory minimum of two years in prison for aggravated identity theft.
Court documents allege that Knuth was involved in a labor fraud scheme allowing North Korean actors to take jobs at information technology (IT) companies in the UK and the US. The revenue-generating effort is believed to be a way to fund North Korea’s illegal weapons program.
“Noot helped them use a stolen identity to impersonate a U.S. citizen, placed company laptops in their residences, downloaded and installed unauthorized software on such laptops to facilitate access and perpetuate the fraud, and conspired to launder remote payments IT work. , including to accounts linked to North Korean and Chinese actors,” — Department of Justice said.
The unsealed indictment said the IT workers used the stolen identity of a US citizen named “Andrew M.” to telecommute, depriving media, technology and financial companies of hundreds of thousands of dollars in damages.
A recent US government advisory revealed that these IT workers, who are part of the Munitions Department of the Workers’ Party of Korea, are regularly sent to live abroad in countries like China and Russia, where they are hired as freelance IT workers for profit. . for the hermit kingdom.
Knuth is believed to have operated a laptop farm at his residences in Nashville from approximately July 2022 to August 2023, with victim companies delivering laptops to his home at an address of “Andrew M.” Knoot then entered those computers, downloaded and installed unauthorized remote desktop applications, and gained access to internal networks.
“Remote desktop applications allowed North Korean IT staff to work from locations in China, while the affected companies indicated that ‘Andrew M.’ worked at Noth’s residence in Nashville,” the Justice Department said.
“For participating in the Knoot scheme, a foreign facilitator named Yang Di paid a monthly fee for his services. A court-sanctioned search of the Knoot laptop farm was conducted in early August 2023.”
Foreign IT workers are said to have received more than $250,000 for their work over the same time period, leaving companies with more than $500,000 in costs related to auditing and restoring their devices, systems and networks. The Justice Department noted that Knuth also falsely reported income to the Internal Revenue Service (IRS) under a stolen ID.
Knuth becomes second person indicted in US in connection with remote IT worker fraud scheme Christina Marie Chapman49 years old, who was previously accused of running a laptop farm, keeping several laptops at her residence in Arizona.
Last month, security awareness training firm KnowBe4 revealed he was tricked into hiring a North Korean IT worker as a software engineer who used the stolen identity of a US citizen and enhanced his picture with artificial intelligence (AI).
The development is under the US State Department’s Rewards for Justice program announced reward of up to $10 million for information leading to identification or location six persons linked to Iran’s Islamic Revolutionary Guard Corps Cyber Electronic Command (IRGC-CEC), which has been sanctioned for attacks on critical infrastructure in the US and elsewhere.
