U.S. Nationals Sentenced to 18 Months for Facilitating North Korea’s Remote IT Worker Scheme

The U.S. Department of Justice announced Wednesday that two American nationals, Matthew Issac Knoot and Erick Ntekereze Prince, have been sentenced to 18 months in prison for their roles in facilitating North Korea’s expansive remote IT worker scheme.

Knoot and Prince hosted laptops at their residences, enabling North Korean IT workers to pose as U.S.-based employees while working remotely. The pair’s operations defrauded nearly 70 U.S. companies, generating a combined $1.2 million in revenue for the North Korean regime.

FBI Statement on National Security Impact

"The FBI and our partners will continue to disrupt North Korea’s ability to circumvent sanctions and fund its totalitarian regime. These cases should leave no doubt that Americans who choose to facilitate these schemes will be identified and held accountable. Hosting laptops for DPRK IT workers is a federal crime which directly impacts our national security, and these sentences should serve as a warning to anyone considering it." — Brett Leatherman, Lead, FBI Cyber Division

Case Details: Erick Ntekereze Prince

Prince, based in New York, operated Taggcar, a company contracted to supply IT workers to victim U.S. companies from June 2020 through August 2024.

In November 2025, Prince pleaded guilty to wire fraud conspiracy for his involvement in the scheme. He was indicted in January 2025 along with alleged co-conspirators who secured work for North Korean IT workers at 64 U.S. companies, earning nearly $950,000 in salary payments.

On Wednesday, a federal judge sentenced Prince to 18 months in prison and ordered him to forfeit $89,000, the amount he personally netted from the scheme.

Case Details: Matthew Issac Knoot

Knoot, based in Nashville, Tennessee, was arrested in August 2024, a year after the FBI searched his home. Officials alleged he made false and misleading statements and destroyed evidence to obstruct the investigation.

Victim companies paid North Korean workers linked to Knoot’s laptop farm more than $250,000 from July 2022 to August 2023. The funds were transferred to Knoot and accounts associated with North Korean and Chinese nationals.

On May 1, Knoot was sentenced to 18 months in prison. He was also ordered to pay $15,100 in restitution to victim companies and forfeit an additional $15,100, equivalent to his direct earnings from the scheme.

Broader Crackdown on North Korea’s IT Worker Scheme

The pair’s sentences highlight the U.S. government’s ongoing efforts to dismantle North Korea’s remote IT worker network, which generates hundreds of millions of dollars annually for the regime’s military and weapons programs.

Authorities have intensified countermeasures, including seizing cryptocurrency linked to theft and targeting facilitators who provide forged identities or host laptop farms for North Korean operatives. Despite these actions, the scheme remains widespread, with infiltrations reported in an undetermined number of businesses, including hundreds of Fortune 500 companies.