US Sanctions North Korean Fraud Network

North Korea's Fraudulent IT Workforce Targeted by U.S. Treasury Sanctions

The U.S. Department of the Treasury has imposed sanctions on an international network facilitating fraudulent activities employed by North Korea. This network is utilized to infiltrate U.S. businesses with malicious actors disguised as legitimate job applicants, according to officials.

Combating Deceptive Employment Practices

These sanctions represent the latest effort by the U.S. Treasury to counter North Korean government-backed workers seeking employment within American companies. These individuals utilize falsified identities and documentation during the application process.

Once employed, these hackers not only receive wages but also engage in the theft of sensitive corporate data and the practice of extorting employers through ransom demands.

Financial Gains for the North Korean Regime

The Treasury estimates that this fraud network has generated at least $1 million in revenue for the North Korean government. This is just one of numerous schemes contributing to billions of dollars in illicit funds, including cryptocurrency, used to finance its prohibited nuclear weapons program.

Key Individuals and Entities Sanctioned

As part of this enforcement action, the Treasury has sanctioned Vitaliy Sergeyevich Andreyev, a Russian national. He is accused of collaborating with North Korean operatives to facilitate payments to a company named Chinyong.

Chinyong, previously sanctioned in 2024, is alleged to employ groups of fraudulent IT workers operating from Russia and Laos.

Furthermore, Andreyev reportedly worked alongside Kim Ung Sun, a North Korean consular official stationed in Russia, to launder approximately $600,000 in stolen funds into cryptocurrency for the regime.

Expanding the Scope of Sanctions

The Treasury also sanctioned Shenyang Geumpungri, a Chinese company implicated in employing fraudulent IT workers on behalf of the North Korean government. Additionally, Sinjin, another North Korean front company supporting this scheme, was sanctioned.

North Korea's Persistent Financial Activities

This action is the newest in a series of sanctions aimed at North Korea and those who assist its extensive money-laundering operations. North Korea continues to prioritize the theft of funds and their conversion into cryptocurrency to circumvent restrictions on accessing the global financial system.

Increasing Sophistication of North Korean Tactics

While this scheme isn't novel, North Korean operatives are becoming increasingly adept at securing positions within U.S. and other Western companies.

Over the past few years, security researchers have been raising concerns about these schemes involving North Korean IT workers. CrowdStrike, a security firm, reports that North Korean hackers have infiltrated hundreds of U.S. companies alone, employing deceptive tactics and forged documentation to gain employment.

Implications of the Sanctions

These new sanctions prohibit U.S. companies, and any entities conducting business with them, from engaging in transactions with those listed by the Treasury. The responsibility for ensuring compliance and avoiding the inadvertent hiring of sanctioned individuals falls on the hiring companies.