U.S. Nationals Sentenced for Facilitating North Korean IT Fraud

Severity: High (Score: 62.7)

Sources: Bleepingcomputer, Jfeed, Justice, Cyberscoop, Theregister

Summary

Matthew Issac Knoot and Erick Ntekereze Prince were sentenced to 18 months in prison for facilitating a scheme that allowed North Korean IT workers to fraudulently obtain remote jobs at U.S. companies. The duo hosted laptops at their residences, which were used by North Korean operatives to infiltrate nearly 70 U.S. firms, generating over $1.2 million in revenue for the DPRK. Knoot and Prince misrepresented their roles, enabling North Korean workers to appear as legitimate employees through remote desktop applications. The fraudulent activities caused significant financial losses, including over $1 million in remediation costs for victim companies. Both defendants were also ordered to forfeit substantial amounts of money earned from the scheme. The FBI continues to target such operations to disrupt North Korea's ability to circumvent sanctions and fund its regime. Key Points: • Knoot and Prince each received 18-month prison sentences for facilitating North Korean IT fraud. • The scheme impacted nearly 70 U.S. companies, generating over $1.2 million for North Korea. • The FBI is actively pursuing individuals involved in North Korea's IT worker infiltration schemes.

Key Entities

• Data Breach (attack_type)
• DPRK RevGen: Domestic Enabler Initiative (campaign)
• North Korea (country)
• The Netherlands (country)
• United States (country)
• CWE-287 - Improper Authentication (cwe)
• Healthcare (industry)
• Professional Services (industry)
• T1021 - Remote Services (mitre_attack)
• T1041 - Exfiltration Over C2 Channel (mitre_attack)
• T1203 - Exploitation for Client Execution (mitre_attack)
• Remote Desktop Applications (tool)