US Sentenced for Laptop Farms Used by North Korean Remote IT Workers

Two U.S. nationals were sentenced to 18 months in federal prison each for managing laptop farms that facilitated North Korean IT workers in securing remote positions at nearly 70 American companies, according to a Department of Justice announcement reported by BleepingComputer.

The defendants set up physical locations equipped with multiple laptops and network equipment, using stolen personal data of U.S. citizens to create fictitious employee profiles. These profiles were then used to apply for and maintain remote work contracts, allowing the actual North Korean operatives to log in from overseas while the U.S.-based laptops served as proxies to conceal their locations and bypass background-check systems.

The scheme underscores a growing supply-chain risk where legitimate businesses unknowingly hire foreign actors linked to hostile regimes. Security researchers note that such operations not only violate employment and immigration law but also expose the companies to data theft, intellectual-property loss, and potential sanctions violations. The DOJ emphasized that the convictions demonstrate the agency’s commitment to prosecuting actors who enable the Democratic People’s Republic of Korea (DPRK) in circumventing international sanctions.

The case highlights the importance of robust identity-verification processes, continuous monitoring of remote-work activity, and coordination between HR, legal, and security teams to detect anomalies such as mismatched IP addresses or multiple accounts sharing the same device fingerprints. Organizations are advised to implement multi-factor authentication, conduct periodic re-background checks, and leverage threat-intelligence feeds that flag known DPRK-linked personas.