By Greg Otto
Matthew Isaac Knoot, a 38-year-old Nashville resident, was arrested on Thursday for allegedly facilitating a scheme that funneled hundreds of thousands of dollars to North Korea’s illicit weapons program. The indictment, unsealed in the Middle District of Tennessee, outlines a complex operation in which Knoot reportedly helped North Korean IT workers secure remote jobs with U.S. and British companies under false identities.
Knoot allegedly utilized stolen identities to obtain these positions for North Korean nationals posing as U.S. citizens. These workers, based abroad, earned six-figure salaries that were laundered through international transfers to obscure their origins. Knoot, in collaboration with co-conspirators including a facilitator named Yang Di, reportedly enabled the operation by installing unauthorized software on company laptops.
While the work was completed on U.S.-based computers, Knoot and his accomplices received a percentage of the salaries, sending the remainder abroad. He faces multiple charges, including conspiracy to damage protected computers and money laundering, which could lead to a maximum sentence of 20 years in prison if convicted.
This incident highlights the increasing threat posed by North Korean-led remote work schemes, which have become a concern for both U.S. government agencies and the cybersecurity industry. In May, the Justice Department charged an Arizona woman involved in a similar operation that defrauded over 300 U.S. companies. Additionally, in July, a security firm revealed that it had dismissed a newly hired engineer after discovering the individual was actually controlled by a North Korean threat actor.
CrowdStrike’s recent 2024 Threat Hunting Report indicated that remote IT workers linked to North Korea targeted more than 30 U.S.-based companies, spanning various sectors including aerospace, defense, retail, and technology.
“This indictment should serve as a stark warning to U.S. businesses employing remote IT workers about the growing threat from North Korea and the necessity for vigilance in their hiring processes,” stated Assistant Attorney General Matthew G. Olsen in a press release.
