Inside the North Korean Laptop Farm that Infiltrated U.S. Companies

The article details how a North Korean‑run laptop farm in the United States spoofed geographic locations, used remote‑desktop tools, and enabled the theft of confidential data and money‑laundering operations that compromised over 100 U.S. firms, including Fortune‑500 companies.

Black & White Path

Case Overview

Two U.S. citizens were sentenced to 108 months and 92 months in prison for operating a North Korean “laptop farm” that generated more than $5 million in revenue, infiltrated over 100 U.S. companies—including Fortune 500 firms—and exfiltrated confidential data such as U.S. defense‑contractor files.

Definition of a Laptop Farm

A “laptop farm” is a physical center composed of a large number of network‑connected laptops that act as a geographic relay station.

Core Principle: Geographic Spoofing

U.S. companies require employees to work from within the United States and to log in with company‑issued laptops. The operators placed dozens of laptops in a house or warehouse on American soil, and overseas North Korean IT personnel then used remote‑desktop tools (TeamViewer, AnyDesk) to control those machines.

Physical operation: Laptops were neatly arranged and powered continuously, similar to crops on a farm.

Remote control: Remote‑desktop software allowed the overseas operators to log in as if they were on‑site.

Why the Term “Farm”?

Scale: Emphasizes the large number of devices and systematic nature of the operation.

Low‑cost maintenance: Devices ran continuously with only basic power, cooling, and network upkeep, analogous to mining or click farms.

Specific Functions in This Case

Bypassing risk controls: When the North Korean technicians logged into corporate systems, the IP address shown was that of a laptop inside the farm, leading security teams to believe the user was working from a home in Arizona or California.

Package handling: The farm’s owner received onboarding laptops shipped by victim companies, connected them to the farm’s network, and enabled the overseas hackers to operate the devices remotely.
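From the defender's side, the pattern described above leaves a trace: several company-issued laptops assigned to different employees log in from one public IP while each runs a remote-desktop tool. The following is an added example, not part of the original article; the telemetry schema, device names, and IP addresses are constructed for illustration.

```python
from collections import defaultdict

# Remote-desktop tools named in the article, keyed by lower-cased process name.
REMOTE_TOOLS = {"teamviewer.exe": "TeamViewer", "anydesk.exe": "AnyDesk"}

# Constructed sample telemetry (hypothetical schema):
# (device_id, assigned_user, public_ip_seen_at_login, running_processes)
SAMPLE_EVENTS = [
    ("LT-1001", "alice", "203.0.113.10", ["outlook.exe", "teams.exe"]),
    ("LT-1002", "bob",   "198.51.100.7", ["chrome.exe", "anydesk.exe"]),
    ("LT-1003", "carol", "198.51.100.7", ["code.exe", "TeamViewer.exe"]),
    ("LT-1004", "dave",  "198.51.100.7", ["slack.exe", "AnyDesk.exe"]),
    ("LT-1005", "erin",  "203.0.113.44", ["anydesk.exe"]),   # lone device: not a cluster
    ("LT-1006", "frank", "192.0.2.20",   ["excel.exe"]),     # shared IP, no remote tool
    ("LT-1007", "grace", "192.0.2.20",   ["excel.exe"]),
]

def remote_tools_on(processes):
    """Return the set of known remote-desktop tools present in a process list."""
    return {REMOTE_TOOLS[p.lower()] for p in processes if p.lower() in REMOTE_TOOLS}

def find_farm_candidates(events, min_devices=2):
    """Flag public IPs where at least min_devices laptops, issued to at least
    min_devices different users, all run a remote-desktop tool."""
    by_ip = defaultdict(dict)  # ip -> {device_id: (user, tools)}
    for device, user, ip, processes in events:
        tools = remote_tools_on(processes)
        if tools:
            by_ip[ip][device] = (user, tools)
    findings = []
    for ip, devices in sorted(by_ip.items()):
        users = {user for user, _ in devices.values()}
        if len(devices) >= min_devices and len(users) >= min_devices:
            findings.append({
                "public_ip": ip,
                "devices": sorted(devices),
                "users": sorted(users),
                "tools": sorted(set().union(*(t for _, t in devices.values()))),
            })
    return findings

if __name__ == "__main__":
    for finding in find_farm_candidates(SAMPLE_EVENTS):
        print(finding)
```

A hit is a lead for review rather than proof: legitimate shared offices or help-desk sessions can produce the same pattern, so each finding should be checked against HR and shipping records.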

Written by Black & White Path
