Laptop farm and uninvited guests: Nashville resident accused of assisting the DPRK

How stolen identities allowed hackers to operate with impunity for a long time.

Recently, the U.S. Department of Justice indicted Nashville resident Matthew Isaac Knuth for his involvement in a scheme orchestrated by North Korea to illegally obtain remote work in the IT sector. Knuth's activities allowed North Korean operators to impersonate U.S. citizens and work for U.S. and British companies.

According to the indictment, the 38-year-old Knuth played a key role in a decades-long conspiracy that allowed IT professionals from North Korea to get remote jobs by pretending to be residents of the United States. These workers, who were mostly based in China, gained access to company systems using stolen American identities.

Knuth facilitated this deceptive scheme by keeping laptops provided by the companies at his home in Nashville. He installed unauthorized remote access software on them, which allowed the operators to work from overseas while appearing to be in the United States.

An investigation by the Department of Justice found that Knuth's laptop farm operated from July 2022 to August 2023. During this period, North Korean IT workers earned more than $250,000 each. These funds were transferred to accounts associated with North Korean and Chinese agents.

The proceeds obtained in this way directly contributed to the financing of North Korea's banned weapons of mass destruction programs. Knuth's actions caused more than $500,000 in damage to companies, mainly due to the cost of auditing and restoring systems.

Assistant Attorney General Matthew G. Olsen highlighted the significant national security threats posed by the scheme and warned U.S. companies of the growing danger posed by North Korea. He also recalled the need to strengthen precautions when hiring employees. These accusations follow the launch in March of this year of the "DPRK RevGen: Domestic Enabler Initiative," aimed at identifying and dismantling operations like Knuth's "laptop farm".

Knuth faces numerous charges, including conspiracy to damage protected computers, money laundering, wire fraud, and identity theft. If convicted, he faces up to 20 years in prison, with a mandatory minimum of two years for identity theft.

The case is part of a broader pattern of cybercrimes carried out by North Korea against U.S. companies. Last month, cybersecurity company KnowBe4 thwarted an attempt by a North Korean hacker to break into its IT systems. Posing as a software engineer, the hacker had successfully passed all stages of the vetting process, including video interviews and background checks.

The scam was discovered when KnowBe4's Security Center identified suspicious activity at the workplace of a new employee who had received equipment at an address associated with a network of "laptop farms" similar to the one operated by Knuth.

The growing sophistication of North Korean cybercriminals' operations, as demonstrated in both the Knuth and KnowBe4 incidents, underscores the need for increased security measures in U.S. companies. This includes conducting more thorough background checks, confirming the physical location of remote employees, and closely monitoring for inconsistencies between delivery addresses and places of residence.
