US Treasury Sanctions Four Related to IT Worker Scheme Network Funding North Korea’s Weapons Programs
Published
- OFAC sanctions: OFAC imposed new sanctions in connection with an IT worker fraud scheme generating illicit revenue for North Korea.
- Two individuals: A Russian ethnic and a Russia-based DPRK economic and trade consular official are on the list.
- Two companies: The sanctions also include a Chinese front company and a DPRK company subordinate to a U.S.-sanctioned bureau.
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has imposed significant U.S. Treasury sanctions on a network of two individuals and two entities involved in funding the Democratic People’s Republic of Korea's (DPRK or North Korea) illicit weapons programs.
The action targets a sophisticated fraud operation that utilizes North Korean IT workers to generate substantial revenue for the regime.
Sanctioned Individuals and Entities
The OFAC sanctions target four key players in the scheme, two of which are entities. As a result of these sanctions, all property and interests in property of the designated persons within U.S. jurisdiction are blocked and must be reported to OFAC:
- Vitaliy Sergeyevich Andreyev
- Kim Ung Sun
- Shenyang Geumpungri Network Technology Co., Ltd.
- Korea Sinjin Trading Corporation
Vitaliy Sergeyevich Andreyev, a Russian national, and Kim Ung Sun, a Russia-based DPRK economic and trade consular official, were sanctioned for facilitating financial transfers. They worked to convert cryptocurrency into cash, moving nearly $600,000 for the U.S.-designated Chinyong Information Technology Cooperation Company.
Additionally, Shenyang Geumpungri Network Technology Co., Ltd, a Chinese front company, was designated for housing a delegation of DPRK IT workers who generated over $1 million for Chinyong.
The fourth entity, Korea Sinjin Trading Corporation, a DPRK company subordinate to a U.S.-sanctioned bureau, was also sanctioned for its role in directing the overseas IT workers.
“The North Korean regime continues to target American businesses through fraud schemes involving its overseas IT workers, who steal data and demand ransom,” said Under Secretary of the Treasury for Terrorism and Financial Intelligence John K. Hurley.
Countering Fraudulent IT Worker Schemes
This action is part of a broader U.S. government effort to dismantle the DPRK's revenue streams that support its weapons of mass destruction and ballistic missile programs. The DOJ believes North Korea deploys teams of IT workers who use fraudulent identities to infiltrate companies, including those in the U.S.
These fraudulent IT worker schemes not only generate millions for DPRK weapons funding but also pose a direct threat by introducing malware into corporate networks to exfiltrate sensitive data, including export-controlled military technology.
In July, nine individuals were indicted in Boston, Massachusetts, with one of them arrested, in connection with the infamous IT worker scheme, while a U.S. woman pleaded guilty in a trial that accused her of operating a laptop farm to generate illicit revenue for the DPRK.
In April, TechNadu reported on threat actors posing as IT specialists on Upwork, Freelancer, and Telegram as part of North Korean covert operations expanding to Europe.
Related
Get expert insights on threats, breaches, scams, and security trends — delivered every Saturday.
Most Popular
Get expert insights on threats, breaches, scams, and security trends — delivered every Saturday.
Most Popular