US Prosecutors Expose North Korea IT Worker Scheme as Laptop Farmers Operate Remote Fraud Network Across United States Companies

US prosecutors are slowly piecing together a wider picture of how North Korea-linked IT workers have been slipping into American companies through remote jobs.

What looked like ordinary hiring on the surface has, in several cases, turned into a structured infiltration system backed by US-based intermediaries.

Over the past five months alone, authorities say eight people have been sentenced for acting as local “facilitators” who helped these overseas workers appear legitimate to US employers.

The “Laptop Farmer” Role Behind the Scenes

At the center of the scheme are individuals prosecutors describe as “laptop farmers.”

These are people based in the United States who receive company-issued laptops meant for newly hired remote employees.

Instead of handing the devices directly to the workers, they set them up in their homes, install remote desktop software, and keep them running.

Once configured, the North Korean IT workers log in from abroad and operate the systems as if they are physically inside the US.

It’s a surprisingly simple setup on paper, but it has proven effective in bypassing hiring controls at companies that rely heavily on remote onboarding.

Two Recent Sentences Highlight the Scale of the Operation

This month alone, two cases stood out.

The US Department of Justice announced that Matthew Issac Knoot of Nashville and Erick Ntekereze Prince of New York were each sentenced to 18 months in prison for their roles in the scheme.

Both men admitted to helping North Korean workers secure remote positions at American companies and maintaining the infrastructure that allowed them to operate undetected.

Prince was ordered to forfeit about $89,000 earned through the arrangement, while Knoot was required to pay restitution and forfeit around $15,100.

Altogether, prosecutors say their activities helped generate roughly $1.2 million for North Korea and impacted nearly 70 US companies.

Why North Korea Targeted Remote Tech Jobs

According to US investigators, North Korea’s remote worker network has increasingly focused on technical roles—especially in cryptocurrency and blockchain companies.

Suggested Readings (News continues below)

Coinbase Reports Massive Loss in United States as Crypto Exchange Records $394 Million Drop After Sharp Market Slump in 2026

Prince William Boosts Aston Villa Dramatically as Club Overturns Nottingham Forest in Thrilling Europa League Battle at Villa Park

Israeli Military Redrafts Gaza War Plans as Hamas Rebuilds Power Structure Across Gaza Strip Amid Rising Security Fears

Police Complete Investigation and Forward Teen Murder Case Files in Shocking Petah Tikva Pizzeria Stabbing Incident in Israel

The goal is not just salaries. In many cases, the workers are also positioned to learn internal systems, identify weaknesses, or gain access to digital assets that can later be exploited.

The Federal Bureau of Investigation’s cyber division has previously warned that these operations are designed to quietly generate foreign currency for the North Korean government while blending into the global remote work economy.

A Pattern of Longer-Term Operations Emerging

These recent cases are not isolated. In a separate sentencing last month, two New Jersey residents received lengthy prison terms after running laptop farms for several years.

That operation reportedly involved stolen identities of around 80 individuals and generated more than $5 million for North Korea.

The scale suggests a coordinated system rather than scattered incidents, with facilitators acting as essential nodes inside the United States.

Growing Evidence of Automation and AI Use

Cybersecurity researchers have also observed another shift: the use of artificial intelligence by North Korean-linked workers.

A recent CrowdStrike report noted a sharp 220% increase in companies unknowingly hiring such workers over a 12-month period.

In more than 320 cases, these workers successfully infiltrated organizations by passing as legitimate remote employees.

AI tools are reportedly being used to generate resumes, pass technical interviews, and even manage day-to-day work tasks more efficiently—making detection harder for employers.

Impact and Consequences

The financial and security impact is spreading beyond just payroll fraud.

Companies affected may unknowingly grant access to sensitive systems, internal data, or crypto infrastructure.

For US authorities, the concern is twofold: first, the direct funding of North Korea’s government programs, and second, the long-term risk of embedded access inside tech firms.

The cases also highlight weaknesses in remote hiring systems, especially in fast-growing sectors like crypto where onboarding can be rapid and verification inconsistent.

What’s Next?

Prosecutors are expected to continue expanding investigations as more facilitators and company cases are uncovered.

Given the pattern of sentencing over recent months, additional arrests and charges are likely.

At the same time, companies are under growing pressure to tighten remote hiring checks, including identity verification, hardware tracking, and stricter onboarding procedures.

Security agencies are also pushing for more awareness around “laptop farm” operations, which are now seen as a key enabler of the broader scheme.

Summary

US authorities have uncovered an expanding network of North Korean-linked remote IT workers infiltrating American companies through US-based intermediaries.

These “laptop farmers” help create the illusion of domestic employment while enabling overseas access to corporate systems.

Recent sentencing shows the operation has generated millions of dollars and affected dozens of companies.

Bulleted Takeaways

• US prosecutors say eight people were sentenced in five months for aiding North Korean remote IT schemes
• US-based “laptop farmers” host and maintain company laptops for overseas workers
• Two recent defendants received 18-month prison sentences
• The scheme generated about $1.2 million and affected nearly 70 US companies
• North Korea-linked workers target tech and crypto companies for financial gain and system access
• Some operations have lasted years and used stolen identities at large scale
• Cybersecurity firms report a 220% rise in companies unknowingly hiring these workers
• AI tools are increasingly used to automate job applications and conceal identities
• Authorities expect further arrests and stronger corporate security measures ahead