The U.S. Department of Justice has charged a Nashville resident with helping North Korean hackers gain positions at U.S. and British technology companies.
Matthew Isaac Knoot, 38, is accused of being responsible for the U.S. side of a campaign aimed at giving threat actors positions at high-profile companies in order to steal information and extort ransoms.
Knoot was indicted on August 8 for his “efforts to generate revenue for the Democratic People’s Republic of Korea’s illegal weapons program,” the Justice Department statement said.
He is said to have been responsible for a laptop farm that was used by foreign attackers to conceal their location and thus bypass geofences and other location-based security measures.
Knoot is also accused of hosting company laptops at his residences in the United States, downloading and installing remote desktop applications without authorization to continue his deception and to enable access to company networks.
Matthew G. Olsen, Assistant Attorney General for the National Security Division, explained how Knoot’s role helped finance North Korea’s weapons program.
“As alleged, this defendant facilitated a conspiracy to trick U.S. companies into hiring foreign IT employees who received hundreds of thousands of dollars that were then funneled to the Democratic People’s Republic of Korea for its weapons program,” he said.
“This indictment should serve as a stark warning to U.S. companies that employ outside IT staff about the growing threat from the Democratic People’s Republic of Korea and show them the need to be vigilant in their hiring practices.”
The charges against Knoot include conspiracy to damage protected computers, money laundering, conspiracy to commit wire fraud, willful damage to protected computers, aggravated identity theft, and conspiracy to illegally employ aliens.
If convicted, he could face a maximum sentence of 20 years in a U.S. federal prison, including a mandatory minimum sentence of two years in prison for aggravated identity theft.
Undercover hackers from North Korea could earn up to $300,000 a year
The U.S. Department of Justice's advisory warned organizations in the U.S. and UK that this case was part of a larger campaign in which the Democratic People’s Republic of Korea had sent thousands of skilled IT professionals to other regions to infiltrate foreign companies.
Henry C. Leventis, U.S. Attorney for the Middle District of Tennessee, said the indictment is the latest example of the Justice Department’s work to protect U.S. national security from cyber threats.
“Today’s indictment, which accuses the defendant of facilitating a complex, multi-year conspiracy that funneled hundreds of thousands of dollars to foreign actors, is the latest example of our office’s commitment to protecting the national security interests of the United States.”
Organizations have fallen for such campaigns before. Last month, cybersecurity training company KnowBe4 published a report on its own experience with the program, describing how it discovered it had inadvertently hired a North Korean hacker posing as a U.S.-based software developer.
Stu Sjouwerman, CEO of KnowBe4, wrote an incident report detailing how the company discovered that the new employee had begun loading malware onto the company’s systems immediately after receiving his company workstation.
Fortunately, the company’s EDR software detected the malicious activity and reported it to the SOC, which immediately launched an investigation and soon determined that the individual was a criminal.
Leventis provided further details on how the campaign is being orchestrated from North Korea and using individuals in the U.S. to help circumvent security.
“North Korea has deployed thousands of highly skilled IT workers around the world to deceive unsuspecting companies and evade international sanctions so it can continue to fund its dangerous weapons program,”
Officials from the FBI, Treasury Department and State Department said in a public service advisory that such IT employees earn large sums of money, up to $300,000 a year individually, and generate hundreds of millions of dollars on an annual basis.