Matthew Isaac Knoot, a 38-year-old resident of Nashville, Tennessee, has been charged by the U.S. Department of Justice (DoJ) with a series of serious offenses, including conspiracy to commit wire fraud, aggravated identity theft, and conspiracy to launder monetary instruments. According to the indictment, Knoot allegedly operated a “laptop farm” that facilitated remote IT work for North Korean nationals by using stolen identities. This scheme, which reportedly supported North Korea‘s illicit weapons program, involved Knoot hosting company laptops at his residence and installing unauthorized software to deceive companies into believing that the work was being done by a U.S. citizen.
The DoJ’s indictment reveals that Knoot used the stolen identity of a U.S. citizen named “Andrew M.” to secure remote IT positions at various media, technology, and financial companies in the U.K. and the U.S. The North Korean IT workers, who were physically located in China, used remote desktop applications to access internal networks of the victim companies from Knoot’s residence. This fraudulent operation resulted in over $250,000 paid to the overseas workers and caused more than $500,000 in damages related to auditing and remediation efforts.
Knoot’s involvement in the scheme included laundering payments through accounts linked to North Korean and Chinese actors and falsely reporting earnings to the Internal Revenue Service (IRS) under the stolen identity. A court-authorized search of Knoot’s laptop farm in August 2023 uncovered the extent of his activities and led to his arrest. Knoot is now facing a maximum penalty of 20 years in prison if convicted, with a mandatory minimum of two years for the aggravated identity theft charge.
This case underscores the growing concern over cyber-enabled fraud schemes linked to state-sponsored activities. Knoot is the second individual charged in connection with a remote IT worker fraud scheme involving North Korean operatives, following the arrest of Christina Marie Chapman, who previously ran a similar operation in Arizona. The ongoing investigation highlights the complex nature of modern cybercrimes and the significant impact such schemes can have on both businesses and national security.
Reference: