WASHINGTON (WKRN) — The U.S. Department of Justice announced Wednesday that two men — including a Nashvillian — have been sentenced in separate cases for helping remote information technology workers from the Democratic People’s Republic of Korea (DPRK).
According to officials, Matthew Isaac Knoot of Nashville, and Erick Ntekereze Prince of New York, both received and hosted laptops at their homes that U.S. companies shipped to IT workers they had hired, who the companies believed were located at those residences.
In addition, Knoot and Prince reportedly installed remote desktop applications on laptops that gave their co-conspirators the ability to work from locations overseas while appearing to the victim companies to be working from the men’s residences.
These separate fraud schemes generated a total of more than $1.2 million in revenue for the DPRK and affected nearly 70 victim companies in the U.S., the DOJ said.
“These sentences hold accountable U.S nationals who enabled North Korea’s illicit efforts to infiltrate U.S. networks and profit on the back of U.S. companies,” said Assistant Attorney General for National Security John A. Eisenberg. “These defendants helped North Korean ‘IT workers’ masquerade as legitimate employees, compromising U.S. corporate networks and helping generate revenue for a heavily sanctioned and rogue regime. The National Security Division will continue to pursue those who, through deception and cyber-enabled fraud, threaten our national security.”
“The FBI and our partners will continue to disrupt North Korea’s ability to circumvent sanctions and fund its totalitarian regime,” said Assistant Director Brett Leatherman of the FBI’s Cyber Division. “These cases should leave no doubt that Americans who choose to facilitate these schemes will be identified and held accountable. Hosting laptops for DPRK IT workers is a federal crime which directly impacts our national security, and these sentences should serve as a warning to anyone considering it.”
The DOJ said U.S. District Court Judge Darrin P. Gayles for the Southern District of Florida sentenced Prince to 18 months in prison, followed by three years of supervised release, and ordered him to forfeit $89,000, which is the amount the DPRK IT workers paid him for helping with the scheme.
CRIME TRACKER | Read the latest crime-related reports from across Middle Tennessee
As for Knoot, U.S. District Court Judge Eli Richardson for the Middle District of Tennessee sentenced the Nashvillian to 18 months in prison followed by one year of supervised release. In addition, Knoot was ordered to pay $15,100 in restitution to the victim companies, as well as forfeit another $15,100 since that was how much the DPRK IT workers paid him for his assistance, according to officials.
Based on court documents, Knoot ran a laptop farm from his Nashville homes from about July 2022 until August 2023. After the victim companies shipped laptops addressed to “Andrew M.” to Knoot’s residences, he would log onto the laptops, download and install unauthorized applications, and access the companies’ networks without authorization. Those remote applications enabled a North Korean IT worker to work from locations in China while giving the victim companies the impression that “Andrew M.” was working from Knoot’s homes in Nashville.
The DOJ announced in August 2024 that Knoot was indicted and arrested for “participating in a criminal scheme that obtained work for North Korean IT workers from at least four U.S. companies.”
Officials said the victim companies paid the DPRK IT workers associated with Knoot’s laptop farm more than $250,000 for their work between July 2022 and August 2023. Most — if not all — of that money was falsely reported to the Internal Revenue Service and Social Security Administration under the name of the actual Andrew M., whose identity was stolen by the conspirators.
📧 Have breaking news come to you: Subscribe to News 2 email alerts →
“Knoot’s and his conspirators’ actions also caused the victim companies more than $500,000 in costs associated with auditing and remediating their devices, systems, and networks,”
the DOJ explained. “Knoot and the DPRK IT workers conspired to receive payments from the victim companies and transfer those funds to Knoot and to accounts outside of the United States, including accounts associated with North Korean and Chinese individuals.”
Officials said Knoot’s role in the scheme ended when the FBI searched his home in August 2023, after which Knoot made multiple false and misleading statements and destroyed evidence to obstruct the investigation.
“These kind of foreign-based attacks on American businesses will not be tolerated and those involved will be held accountable for their actions,” said U.S. Attorney Braden H. Boucek for the Middle District of Tennessee. “This case demonstrates our coordinated effort with federal law enforcement to protect businesses in Tennessee and across the country.”
The FBI Nashville Field Office investigated the case, which was reportedly prosecuted by former Assistant U.S. Attorney Josh Kurtzman for the Middle District of Tennessee and Trial Attorney Gregory J. Nicosia Jr. of the National Security Division’s National Security Cyber Section, with assistance from Paralegal Specialist Shelby Duty.
⏩ Read today’s top stories on wkrn.com
In a release issued on Wednesday, May 6 about Knoot and Prince’s sentences, the DOJ said, in part:
Today’s announcement represents the Department’s latest actions to combat North Korean IT worker schemes as part of a joint NSD and FBI Cyber and Counterintelligence Divisions effort, the DPRK RevGen: Domestic Enabler Initiative. This effort prioritizes targeting and disrupting the DPRK’s illicit revenue generation schemes and its U.S.-based enablers. The Department previously announced other actions pursuant to the initiative, including in January 2025, June 2025, November 2025, and April 2026.
As described in Public Service Announcements published in May 2024, January 2025, and July 2025, North Korean remote IT workers posing as legitimate remote IT workers have committed data extortion and exfiltrated the proprietary and sensitive data from U.S. companies. DPRK IT worker schemes typically involve the use of stolen identities, alias emails, social media, online cross-border payment platforms, and online job site accounts, as well as false websites, proxy computers, and witting and unwitting third parties located in the U.S. and elsewhere. North Korean IT workers leverage these third parties, which include U.S.-based individuals, to gain fraudulent employment and access to U.S. company networks to generate this revenue.
Other public advisories about the threats, red flag indicators, and potential mitigation measures for these schemes include a May 2022 advisory released by the FBI, Department of the Treasury, and Department of State; a July 2023 advisory from the Office of the Director of National Intelligence; and guidance issued in October 2023 by the United States and the Republic of Korea (South Korea). As described the May 2022 advisory, North Korean IT workers have been known individually to earn up to $300,000 annually, generating hundreds of millions of dollars collectively each year, on behalf of designated entities, such as the North Korean Ministry of Defense and others directly involved in the DPRK’s weapons programs.
According to officials, the U.S. Department of State has offered rewards of up to $5 million for information that helps disrupt the DPRK’s illicit financial activities, including cybercrimes, money laundering, and sanctions evasion.
Copyright 2026 Nexstar Media, Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.
For the latest news, weather, sports, and streaming video, head to WKRN News 2.