Americans Caught Assisting North Korean IT Workers

Published 18 May.2026 15:40(KST)

Using a Home as a Base for Fraudulent Employment
Sentenced to Prison for Aiding Infiltration of U.S. Companies

U.S. courts have handed down consecutive prison sentences to American citizens who assisted North Korean information technology (IT) personnel in obtaining fraudulent employment at U.S. companies and acted as conduits for illegal funding. Legal experts in the U.S. are forecasting that corporate obligations for employment screening and compliance with North Korea-related sanctions will be further strengthened.

Tennessee and Florida, Consecutive Sanctions

On May 1, Judge Eli Richardson of the U.S. District Court for the Middle District of Tennessee sentenced American citizen Matthew Isaac Nutt to 18 months in prison and one year of supervised release for assisting North Korean IT workers in obtaining fraudulent employment. Nutt was also ordered to pay $15,100 in restitution to the victimized companies. The $15,100 he received as criminal proceeds for his assistance was also ordered forfeited.

According to court documents, Nutt operated a "notebook farm" out of his home for approximately one year beginning in July 2022. The victimized companies shipped laptops to Nutt's residence, addressed to "Andrew M." After receiving the laptops, Nutt installed unauthorized remote desktop applications on them.

Through this scheme, North Korean IT workers residing in China and other locations were able to appear as if they were working remotely from Nutt's home in Nashville under the name of Andrew M., thereby accessing the companies' internal networks.

Pixabay

Nutt was also convicted of making false statements and destroying evidence with the intent of obstructing an FBI investigation.

Subsequently, on May 6, Judge Darrin P. Gayles of the U.S. District Court for the Southern District of Florida sentenced Eric Ntekereze Prince, who was charged with similar offenses, to 18 months in prison and three years of supervised release, and ordered the forfeiture of $89,000 received as payment for his assistance.

Prince used his company, Taggcar Inc., to present three North Korean workers as if they were verified personnel and provided them to U.S. companies. Despite knowing that these individuals were using stolen identities and were residing abroad, he continued the scheme. Like Nutt, Prince installed unauthorized remote access software at his home, allowing North Korean personnel to pose as remote workers.

Previously, in January 2025, Prince, U.S. national Emmanuel Asher, Mexican national Pedro Ernesto Alonso de los Reyes, and North Korean nationals Jin Sungil and Park Jinsong were indicted for conspiring to commit employment fraud against more than 64 U.S. companies. According to the U.S. Department of Justice, the victimized companies paid these individuals over $940,000 in salaries, most of which was transferred overseas.

Investigations revealed that North Korean IT workers used stolen identities and AI-based deepfake technology to pass video interviews, and succeeded in coding tests with customized resumes. In particular, when their identities were exposed and they were fired, they would immediately re-enter the market by creating new virtual personas using AI, demonstrating a high level of sophistication.

Recommendations for Risk Management Based on 'Strict Liability'

As these incidents spread, major U.S. law firms such as Wilson Sonsini, Crowell & Moring, and Alston & Bird issued urgent advisories to corporate clients.

These firms especially warned that the U.S. Treasury Department's Office of Foreign Assets Control (OFAC) sanctions operate under a "strict liability" principle. They noted that if a company discovers the fraudulent employment only after the fact and attempts to remit unpaid wages or severance pay according to labor laws, the remittance itself could constitute a violation of North Korea sanctions and be subject to penalties.

Wilson Sonsini emphasized, "Regardless of intent, penalties may be imposed," adding, "Once it is confirmed that the employee is North Korean, any remittance under any pretext may satisfy the requirements for a sanctions violation." This means that even if a company claims ignorance of the worker's nationality, it is difficult to be exempted from liability.

Accordingly, the law firms recommended that companies overhaul their security and hiring protocols. Key recommendations include: conducting unstructured interview questions (such as questions about local geography or weather) that are hard to prepare for in advance during video interviews; thorough identity verification during new hires using I-9 documentation and E-Verify; prohibiting payment of salaries in virtual assets; cross-verifying the authenticity of shipping addresses for corporate devices; and meticulous examination of identification documents for tampering or forgery.

A corporate security attorney stated, "Cases of fraudulent employment using AI will continue to increase not only in the U.S. but globally," adding, "However, outright banning of AI use is a regressive approach; it is important for companies to establish thorough security protocols in advance to minimize trade secret exposure and legal risks."