A Tennessee man, Matthew Isaac Knoot, has been arrested and charged for his alleged involvement in a scheme to generate revenue for North Korea’s weapons program, including weapons of mass destruction. The Department of Justice announced that Knoot, 38, facilitated a complex operation that involved helping North Korean IT workers pose as U.S. citizens to obtain remote jobs at American and British companies. The income generated from these jobs was allegedly funneled to accounts linked to North Korean and Chinese individuals, ultimately supporting North Korea’s illicit weapons development.
According to the charges, Knoot operated a “laptop farm” from his Nashville residence between July 2022 and August 2023. He allegedly used this setup to help North Korean workers access U.S. internet connections, making it appear as though they were logging in from the United States while they were actually based in China. The IT workers involved in the scheme were paid over $250,000 during this period, much of which was funneled to North Korea and falsely reported to U.S. tax authorities under stolen identities.
Knoot faces multiple charges, including conspiracy to cause damage to protected computers, conspiracy to launder money, wire fraud, and aggravated identity theft. If convicted, he could face up to 20 years in prison. This case highlights ongoing efforts by North Korea to evade international sanctions and fund its weapons programs through cyber operations and overseas IT work. U.S. officials have been increasingly focused on thwarting these schemes, which they view as a significant national security threat.
Expanded Coverage: