U.S. Nationals Sentenced for Facilitating North Korean IT Fraud

Severity: High (Score: 72.5)

Sources: Justice, Cyberscoop, Bleepingcomputer

Summary

Matthew Issac Knoot and Erick Ntekereze Prince were sentenced to 18 months in prison for running fraudulent operations that allowed North Korean IT workers to secure remote jobs at nearly 70 U.S. companies. Knoot operated a laptop farm in Nashville, receiving laptops addressed to a stolen identity and installing remote desktop software. Prince facilitated remote employment for North Korean workers through his company, Taggcar Inc., generating over $943,000 in salaries for these workers. The fraudulent schemes collectively generated more than $1.2 million for North Korea, compromising U.S. corporate networks. The FBI has been actively targeting North Korean infiltration efforts since 2023. Both defendants were also ordered to pay restitution and forfeit funds related to their operations. This case highlights the ongoing risks posed by foreign actors exploiting U.S. business systems. Key Points: • Two U.S. nationals sentenced for facilitating North Korean IT fraud schemes. • The fraudulent operations impacted nearly 70 U.S. companies and generated over $1.2 million for North Korea. • The FBI continues to target North Korean IT infiltration efforts in U.S. businesses.

Key Entities

• Data Breach (attack_type)
• DPRK RevGen: Domestic Enabler Initiative (campaign)
• North Korea (country)
• The Netherlands (country)
• United States (country)
• CWE-287 - Improper Authentication (cwe)
• T1021 - Remote Services (mitre_attack)
• T1041 - Exfiltration Over C2 Channel (mitre_attack)
• T1203 - Exploitation for Client Execution (mitre_attack)
• Remote Desktop Applications (tool)