- The Washington Times - Thursday, August 8, 2024

A version of this story appeared in the daily Threat Status newsletter from The Washington Times. Click here to receive Threat Status delivered directly to your inbox each weekday.

Federal prosecutors brought charges Thursday against a Tennessee man they say helped North Koreans pose as American IT workers, helping them earn U.S. salaries and fund the rogue regime’s nuclear weapons program.

Matthew Isaac Knoot was part of a broader North Korean effort to deceive U.S. companies into hiring its citizens as workers, authorities said.

Mr. Knoot is accused of running a “laptop farm” from Nashville. Companies would send him the laptops, figuring they were being used by an American worker. He then used the machines to connect the companies with North Korean IT workers stationed in China, who would work in his name, according to prosecutors.

To the companies, it appeared a man named Andrew was doing their work.

Prosecutors said companies paid more than $250,000 for each worker from July 2022 to August 2023.

Mr. Knoot is accused of running the scam under the stolen identity of a real person.

Investigators said he even had the income falsely reported to the IRS under that person’s name.

The indictment said he arranged contracts with a New York City media company, the U.S. subsidiary of a U.K.-based financial institution, a tech company in Portland, Oregon, and a media company in McLean, Virginia.

Federal authorities said North Korea uses the program to fund its weapons goals, including nuclear weapons. They said the thousands of workers end up producing hundreds of millions of dollars for the government — and the workers themselves keep almost none of it.

Assistant Attorney General Matthew Olsen said the scam should be a wakeup call to American businesses who use remote IT workers. He told them to be “vigilant in their hiring processes.”

• Stephen Dinan can be reached at sdinan@washingtontimes.com.

Copyright © 2024 The Washington Times, LLC. Click here for reprint permission.

Please read our comment policy before commenting.