US jails two ‘laptop farmers’ who aided North Korean IT workers
Two U.S. residents received 18-month prison terms for accepting company laptops and installing remote desktop software to let North Korea-based IT workers access U.S. firms.
The Justice Department announced Wednesday that Matthew Isaac Knoot of Nashville and Erick Ntekereze Prince of New York each received 18-month prison terms for acting as intermediaries for North Korea-based IT workers. Knoot was sentenced on May 1 and Prince was sentenced this week.
Prosecutors described how the men received laptops shipped to U.S. addresses for remote hires, installed remote desktop software on the devices, and configured accounts so workers abroad could log in while the computers and accounts remained tied to U.S. locations.
Court orders require Prince to forfeit $89,000, the amount he received for his role. Knoot must pay $15,100 in restitution to affected companies and forfeit another $15,100 in proceeds from the scheme.
The Justice Department reported the pair were part of a network of U.S.-based operators that enabled a larger remote-work effort. Authorities say eight people have been sentenced in the past five months for acting as domestic proxies. Prosecutors estimate the laptop-farm program generated about $1.2 million and affected nearly 70 U.S. companies.
Investigators and cybersecurity specialists report the program focused on technical roles, particularly at cryptocurrency firms, to gain access to company assets or to map internal systems for potential theft or exploitation. The FBI Cyber Division warned that attackers use these remote positions to compromise sensitive infrastructure and move funds.
In a separate New Jersey case, Kejia Wang received a nine-year sentence and Zhenxing Wang received seven years and eight months for hosting laptop farms. Prosecutors said that scheme ran for multiple years, used about 80 stolen U.S. identities and produced more than $5 million for the North Korean government.
A cybersecurity firm’s August report documented a 220% rise over 12 months in companies that hired workers linked to North Korean operations, affecting more than 320 firms. The report noted those applicants increasingly used artificial intelligence to automate and streamline job applications and to mask their true locations while performing remote work.
Federal authorities also charged four North Korean nationals last June with using fake identities to secure remote employment at an Atlanta-based blockchain research firm and a Serbian cryptocurrency company; the indictment alleges those defendants stole more than $900,000 in cryptocurrency.
Prosecutors have sought prison terms, forfeiture and restitution in these cases. Officials described the actions as part of enforcement efforts to disrupt financial flows tied to North Korea’s cyber operations and to address misuse of remote-hire systems.