U.S. Sanctions Uncover Fraud Scheme Linked to North Korean ‘Remote IT Workers’ in Job Scams and Fund Embezzlement
On Wednesday, officials from the U.S. Treasury announced sanctions against a global fraud network associated with North Korea, which targets American companies by using hackers posing as legitimate job applicants.
These sanctions are part of the U.S. Treasury’s ongoing efforts to counter North Korean government agents who apply for positions in U.S. firms under false identities and credentials. Once they secure employment, these hackers not only earn salaries but also siphon off sensitive information and extort their employers for ransom.
According to a statement issued on Wednesday, the Treasury noted that this fraud network has generated over $1 million in profits for the North Korean regime. This is just one example of numerous schemes contributing to the billions of dollars in illicit revenue, including cryptocurrencies, that fund the nation’s internationally banned nuclear weapons program.
In this recent enforcement action, the Treasury sanctioned Vitaliy Sergeyevich Andreyev, a Russian national accused of cooperating with North Korea to process payments for a company named Chinyong. Chinyong was previously sanctioned in 2024 for employing a group of deceptive IT workers based in Russia and Laos.
The U.S. alleges that Andreyev collaborated with a North Korean consular official in Russia named Kim Ung Sun to launder nearly $600,000 in stolen money into cryptocurrency for the regime.
Additionally, the Treasury placed sanctions on Shenyang Geumpungri, a Chinese company accused of hiring fraudulent IT professionals for the North Korean government, as well as Sinjin, another North Korean front organization involved in the IT worker scheme.
These sanctions represent the latest efforts to target North Korea and its U.S.-based supporters who aid the regime’s extensive money laundering activities. North Korea remains dedicated to stealing resources and converting them into cryptocurrency to circumvent restrictions on access to the global financial system.
Although this scheme is not new, North Koreans have become increasingly skilled at obtaining positions within U.S. and other Western firms.
In recent years, cybersecurity experts have been raising concerns about North Korean IT worker schemes. Security firm CrowdStrike reports that North Korean hackers have infiltrated hundreds of U.S. companies by using deceptive strategies and forged documents to secure employment.
Under the new sanctions, U.S. companies, along with any businesses collaborating with them, are barred from engaging with individuals or entities listed by the Treasury. Essentially, this creates a legal responsibility for hiring firms to ensure they do not unintentionally employ North Koreans or other sanctioned entities.