The $800M Inside Job: OFAC Sanctions North Korean IT Network Defrauding U.S. Businesses

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has issued a major sanctions decree targeting the financial backbone of North Korea’s weapons programs. In an action announced today, the Treasury sanctioned six individuals and two entities for their roles in a global network of Democratic People’s Republic of Korea (DPRK) IT workers—a scheme that systematically defrauded U.S. businesses of nearly $800 million in 2024 alone.

The North Korean regime has evolved beyond traditional hacking. Instead, it now deploys overseas IT operatives who use stolen identities, fabricated personas, and fraudulent documentation to gain employment at legitimate American and allied companies.

As Secretary of the Treasury Scott Bessent explained:

“The North Korean regime targets American companies through deceptive schemes carried out by its overseas IT operatives, who weaponize sensitive data and extort businesses for substantial payments.”

Once inside a company’s network, these workers perform their daily duties while funneling the majority of their wages back to the DPRK government. In more malicious scenarios, these operatives have been caught covertly introducing malware into corporate networks to extract proprietary information.

Today’s sanctions specifically highlight how North Korea leverages global facilitators in Vietnam, Laos, and Spain to launder proceeds and procure restricted technology.

• Amnokgang Technology Development Company (DPRK): A central IT firm that manages delegations of overseas workers while illicitly procuring military and commercial technology.
• Nguyen Quang Viet (Vietnam): The CEO of Quangvietdnbg International Services, Nguyen is accused of converting approximately $2.5 million into cryptocurrency for North Koreans between 2023 and 2025, effectively laundering illicit earnings from Amnokgang.
• Do Phi Khanh & Hoang Van Nguyen (Vietnam): Associates of a previously sanctioned nuclear procurement facilitator. They acted as proxies to open bank accounts and enable cryptocurrency transactions for the regime.
• Yun Song Guk (Laos): A DPRK national leading a freelance IT group in Boten, Laos. He worked with facilitators Hoang Minh Quang and York Louis Celestino Herrera to develop contracts and coordinate dozens of financial transactions.

The stakes of these deceptive hiring practices are global in scale. The U.S. government reports that the DPRK appropriates the “majority of the wages” earned by these workers. This revenue is a critical lifeblood for the regime’s weapons of mass destruction (WMD) and ballistic missile programs, directly violating both U.S. and United Nations sanctions.

The Treasury warns that U.S. and foreign persons involved in transactions with these designated entities risk severe civil and criminal penalties. Furthermore, foreign financial institutions that knowingly facilitate significant transactions for these individuals could face secondary sanctions, potentially losing their ability to maintain accounts within the United States.