Inside the North Korea Laptop Farm Scheme: How Two Americans Helped Pyongyang Infiltrate U.S. Companies

A federal courtroom in Florida delivered an uncomfortable verdict on May 6, 2026. Two Americans, Matthew Issac Knoot of Nashville and Erick Ntekereze Prince of New York, were each sentenced to 18 months in prison for running so-called laptop farms that helped North Korean operatives pose as remote U.S. workers at nearly 70 American companies. Their schemes funneled more than $1.2 million to Kim Jong Un's regime. The North Korea laptop farm scheme is no longer a fringe threat. It is a fixture of modern insider risk.

What a Laptop Farm Actually Is

A laptop farm is a residence inside the United States where an enabler stockpiles corporate laptops shipped by unsuspecting employers. The enabler installs remote-access software, then hands control of those machines to overseas operatives, most often North Korean IT workers based in China or Russia. According to the victim company's monitoring tools, the worker appears to be in Nashville or New York. The reality is a Pyongyang-directed cell that draws salaries, steals data, and occasionally extorts employers.

Knoot received corporate laptops addressed to "Andrew M.," a stolen American identity. Prince operated the same model at scale through his staffing firm, Taggcar Inc., placing fraudulent workers at more than 64 U.S. employers between 2020 and 2024.

Why This Matters for National Security

The salaries are not the only loss. They are the funding stream. Federal prosecutors have stated that DPRK IT workers earn up to $300,000 each per year, with collective annual revenue running into the hundreds of millions. Those funds flow to entities tied to North Korea's nuclear weapons and ballistic missile programs.

The damage is wider than payroll fraud:

• Sanctions evasion: Each fraudulent paycheck circumvents U.S. and U.N. restrictions on the regime.

• Data theft and extortion: After detection, North Korean workers have ransomed stolen source code and proprietary data.

• Defense sector exposure: Federal cases have documented theft of export-controlled information from U.S. contractors.

• Supply chain risk: Subcontractors and staffing agencies are now a deliberate target as a quieter route into Fortune 500 networks.

  
  

Red Flags Every Hiring Team Should Know

The North Korea laptop farm scheme is detectable when defenders know where to look. Hiring managers, HR teams, and security leaders should treat the following as warning signs:

1. Last-minute changes to a candidate's shipping address, especially a switch between U.S. residential addresses just before a laptop is dispatched.

2. Reluctance to appear on live video or interview audio that suggests translation latency.

3. References that all trace back to the same staffing intermediary or shell LLC.

4. Multiple bank account changes after onboarding, particularly toward digital payment platforms.

5. Unusual requests for elevated privileges or installation of remote-administration tools such as AnyDesk, TeamViewer, or RustDesk.

6. Subtle keystroke or input latency on a laptop that appears to be located in the United States.

Amazon disclosed in late 2025 that it had blocked more than 1,800 suspected North Korean applicants in a single year using exactly these signals.

The Federal Response

The Knoot and Prince sentences are the seventh and eighth U.S. convictions in 2026 under the Justice Department's DPRK RevGen: Domestic Enabler Initiative, launched in March 2024. Earlier sentences include nine years for New Jersey facilitator Kejia Wang and 102 months for Arizona laptop farmer Christina Chapman, whose home network supported 309 victim companies.

Final Thought and How OSRS Can Help

The North Korea laptop farm scheme proves that geography is no longer a security control. Identity verification, endpoint telemetry, and vendor due diligence now decide who really sits behind your remote login.

OGUN Security Research and Strategic Consulting LLC (OSRS) helps organizations design and stress-test these defenses. Our services span insider-threat program development, third-party staffing risk assessments, executive briefings on state-sponsored hiring fraud, and incident response support when a suspected operative is already inside your network.

Intelligence. Protection. Strategy.

Enjoyed this article? Share it with your network and subscribe to the OSRS email list for exclusive intelligence briefings. Stay informed by following us on Google News, Twitter, and LinkedIn for more cybersecurity insights and expert analyses.

Author Bio

Dr. Sunday Oludare Ogunlana is Founder and CEO of OGUN Security Research and Strategic Consulting LLC (OSRS), a Professor of Cybersecurity, and a national security scholar who advises global intelligence and policy bodies on cybercrime, insider threat, and state-sponsored sanctions evasion.