The corporate perimeter has been breached, and the threat isn’t coming through an external firewall—it’s sitting on a desk in Nashville and New York. The Justice Department has delivered a warning to the American business sector, announcing federal prison sentences for two U.S. nationals who operated domestic “laptop farms” to facilitate a massive North Korean cyber infiltration scheme.
Matthew Isaac Knoot of Tennessee and Erick Ntekereze Prince of New York were each handed 18-month federal prison sentences for their roles as crucial domestic enablers. Their actions provided the Democratic People’s Republic of Korea (DPRK) with a backdoor into the proprietary networks of nearly 70 U.S. companies.
The mechanics of this operation bypassed traditional cybersecurity defenses through sheer geographic deception. Unsuspecting companies shipped corporate-issued laptops to what they believed were newly hired, U.S.-based IT professionals. In reality, the hardware arrived at the residences of Knoot and Prince. The defendants then installed unauthorized remote desktop applications on these devices.
This critical step allowed North Korean operatives—often working from locations in China—to remotely take over the laptops. To the victim companies’ security and network monitoring systems, the traffic appeared to originate from legitimate domestic employees.
The scale of the compromise is severe. The fraudulent operation generated over $1.2 million in illicit revenue for the heavily sanctioned DPRK regime—revenue that intelligence agencies confirm is used to fund its weapons of mass destruction programs. Furthermore, the infiltration left a trail of corporate damage, costing the victimized companies over $1.5 million in forensic auditing, incident response, and network remediation to purge the unauthorized access.
Prince escalated the deception by utilizing his own company, Taggcar Inc., to fraudulently supply “certified” IT workers operating under stolen American identities. He was ordered to forfeit the $89,000 he was paid by the operatives. Knoot, who operated his Nashville laptop farm under the stolen identity “Andrew M.,” actively attempted to destroy evidence when the FBI raided his home in August 2023. He was ordered to forfeit $15,100 and pay an equal amount in restitution to the victims.