Federal authorities have arrested Matthew Isaac Knoot, a 38-year-old man from Nashville, Tennessee, for allegedly running a “laptop farm” that enabled North Korean nationals to secure remote IT jobs with U.S. companies, thereby funneling hundreds of thousands of dollars to fund North Korea’s weapons program. According to court documents, Knoot used stolen identities to deceive U.S. employers into hiring North Koreans who were barred from employment under U.S. sanctions.
The scheme involved U.S. companies sending company-issued laptops to Knoot’s residences in Nashville, where he would log on, install remote desktop applications, and allow the North Korean nationals, working from locations such as China, to access the companies’ networks. The setup gave the false impression that the workers were based in the U.S. Knoot charged his co-conspirator, known as Yang Di, monthly fees for his services, including a flat rate for each laptop and a percentage of Di’s salary.
This arrest follows a broader investigation into similar schemes where North Koreans used stolen identities to secure IT jobs in the U.S. In a related case, an Arizona woman was charged in May for helping North Koreans obtain IT jobs at over 300 companies, raising $6.8 million to fund North Korea’s weapons program.
Knoot faces multiple charges, including wire fraud, intentional damage to protected computers, aggravated identity theft, and conspiracy to cause the unlawful employment of aliens. If convicted, he could face up to 20 years in prison. This case highlights ongoing efforts by North Korea to infiltrate the U.S. job market and finance its weapons of mass destruction programs through fraudulent means.
