The U.S. Treasury Department sanctioned four entities and individuals on Wednesday for orchestrating fraudulent IT worker schemes that reportedly fund North Korea’s weapons programs.
The network allegedly stole data from American businesses and demanded ransom payments, converting nearly $600,000 through cryptocurrency.
The sanctions target a sophisticated operation that deploys North Korean IT workers using fake identities to infiltrate legitimate companies worldwide. Treasury officials say the regime claims most of the wages earned by these workers, generating hundreds of millions for its ballistic missile and nuclear weapons development.
“The North Korean regime continues to target American businesses through fraud schemes involving its overseas IT workers, who steal data and demand ransom,” said Under Secretary of the Treasury for Terrorism and Financial Intelligence John K. Hurley. “Under President Trump, Treasury is committed to protecting Americans from these schemes and holding the guilty accountable.”
Those sanctioned include Russian national Vitaliy Sergeyevich Andreyev and North Korean consular official Kim Ung Sun, who facilitated cryptocurrency-to-cash conversions. The Treasury also designated Chinese front company Shenyang Geumpungri Network Technology Co., Ltd, and Korea Sinjin Trading Corporation, a firm controlled by North Korea’s military.
Since 2021, the Chinese front company’s IT workers earned over $1 million for North Korean entities. The workers used fraudulent documents and stolen identities to gain employment at unsuspecting companies.
In some cases, these workers planted malware in company networks to steal proprietary data. The FBI warned in January that North Korean IT workers increasingly engage in data extortion after infiltrating organizations.
Wednesday’s action freezes all U.S. assets of the sanctioned parties and prohibits Americans from doing business with them. Foreign banks risk secondary sanctions for facilitating transactions with the designated entities.
The sanctions expand on previous Treasury actions against North Korean IT schemes in July. The State Department coordinated with Japan and South Korea to issue a joint statement on the threat posed by these workers.
Treasury officials emphasized that sanctions aim to change behavior, maintaining a process for entities to petition for removal from sanctions lists if they demonstrate changed practices.