OFAC Sanctions North Korean IT Worker Network Funding Weapons Programs

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has sanctioned multiple individuals and entities linked to North Korea’s fraudulent IT worker schemes, which the regime has used to generate illicit revenue for its weapons programs.

In its statement, OFAC confirmed sanctions against Vitaliy Sergeyevich Andreyev, Kim Ung Sun, Shenyang Geumpungri Network Technology Co., Ltd, and Korea Sinjin Trading Corporation. According to the press release, these targets were designated “for their roles in a fraudulent information technology (IT) worker scheme orchestrated by the Democratic People’s Republic of Korea (DPRK) government.”

Under Secretary of the Treasury for Terrorism and Financial Intelligence John K. Hurley stated: “The North Korean regime continues to target American businesses through fraud schemes involving its overseas IT workers, who steal data and demand ransom. Under President Trump, Treasury is committed to protecting Americans from these schemes and holding the guilty accountable.”

The designations highlight how Pyongyang leverages its overseas IT workforce to funnel funds into weapons development. As OFAC explained: “The DPRK utilizes IT workers to generate revenue for its illicit weapons of mass destruction and ballistic missile programs, in violation of U.S. and United Nations sanctions.”

These IT teams use fraudulent documents, stolen identities, and fake personas to infiltrate legitimate companies, including those in the United States. OFAC warns that “the DPRK government claims the majority of the wages earned by these overseas IT workers in order to generate hundreds of millions of dollars for the regime’s weapons of mass destruction and ballistic missile programs.”

In some cases, workers have gone beyond fraud, embedding malware in corporate networks to exfiltrate sensitive data or conduct extortion.

The press release details a web of actors facilitating the scheme:

• Vitaliy Sergeyevich Andreyev, a Russian national, worked with DPRK consular official Kim Ung Sun to move nearly $600,000 by converting cryptocurrency into cash on behalf of the U.S.-sanctioned Chinyong Information Technology Cooperation Company.
• Shenyang Geumpungri Network Technology Co., Ltd, a Chinese front company, employed DPRK IT workers and funneled over $1 million in profits to Chinyong and Korea Sinjin Trading Corporation since 2021.
• Sinjin, a DPRK state-controlled company tied to the Ministry of People’s Armed Forces, issued directives for overseas IT worker deployment.

OFAC noted that today’s designations “expand on the designation of Chinyong Information Technology Cooperation Company, targeting additional entities in its network and combatting its use of cryptocurrency for sanctions evasion.”

The sanctions block all property and interests of the designated persons within U.S. jurisdiction. Any entity owned 50% or more by these actors is also automatically blocked. As OFAC stressed: “Violations of U.S. sanctions may result in the imposition of civil or criminal penalties on U.S. and foreign persons.”

Additionally, foreign financial institutions risk secondary sanctions if they knowingly facilitate significant transactions for the designated entities. OFAC underscored that the power of its sanctions “derives not only from OFAC’s ability to designate and add persons to the Specially Designated Nationals and Blocked Persons List (SDN List), but also from its willingness to remove persons from the SDN List consistent with the law.”

Related Posts:

• OFAC Sanctions Key Players in North Korea’s Remote IT Worker Scheme Funding Weapons Programs
• Sanctions Risk in Open Source: Linux Foundation Offers Guidance
• The US announces sanctions against Russian individuals and companies tied to worldwide hacking
• DOJ Dismantles North Korean IT Job Scam: Stolen Identities & Laundering Funded DPRK Weapons
• OFAC Sanctions Russian “Bulletproof Host” Aeza Group: Linked to Ransomware, Infostealers & Darknet