Matthew Isaac Knoot, 38, of Nashville, Tennessee, has been charged for his involvement in a scheme to generate revenue for North Korea’s illicit weapons program, including weapons of mass destruction (WMD).
According to court documents, Knoot participated in a plan to secure remote employment for North Korean IT workers using stolen identities, defrauding U.S. and British companies.
The indictment reveals that Knoot assisted these foreign IT workers, who were actually North Korean operatives, by using a stolen U.S. citizen’s identity to pose as legitimate employees. Knoot hosted company laptops at his Nashville residences, installed unauthorized software to facilitate remote access, and conspired to launder payments tied to North Korean and Chinese accounts.
“North Korea has dispatched thousands of highly skilled IT workers globally to deceive businesses and evade international sanctions to fund its dangerous weapons program,” said U.S. Attorney Henry C. Leventis for the Middle District of Tennessee. The charges highlight the growing threat of North Korea’s cyber activities and the need for heightened vigilance among U.S. businesses hiring remote IT workers.
The indictment alleges that Knoot’s involvement in the scheme caused significant financial damage to U.S. media, technology, and financial companies, amounting to over $500,000. The FBI is actively pursuing individuals who support North Korea’s illegal efforts to generate revenue through such deceptive practices.
Knoot faces multiple charges, including conspiracy to damage protected computers, wire fraud, and aggravated identity theft. If convicted, he could face up to 20 years in prison. The case is part of the FBI’s broader initiative to identify and shut down U.S.-based “laptop farms” aiding North Korea’s cyber activities.
