The U.S. Treasury has sanctioned an international fraud network used by North Korea to infiltrate U.S. companies with hackers posing as legitimate job seekers, agency officials announced Wednesday.
The sanctions are the latest action taken by the U.S. Treasury in recent months aimed at combating North Korean government workers from seeking employment at American companies using fake identities and documents to apply for jobs. Once employed, the hackers earn a wage from the company, but also steal sensitive company data and extort their employers by demanding a ransom.
In a statement Wednesday, the Treasury said the fraud network generated at least $1 million in profits for the North Korean regime, one of many such schemes that have helped raise billions of dollars in stolen funds, including cryptocurrency, to fund its internationally sanctioned nuclear weapons program.
As part of its latest round of enforcement, the Treasury sanctioned Vitaliy Sergeyevich Andreyev, a Russian national accused of working with the North Koreans to facilitate payments to a company called Chinyong. The Treasury, which sanctioned Chinyong in 2024, says the company employs delegations of fraudulent IT workers based in Russia and Laos.
The U.S. says Andreyev worked with a North Korean consular official based in Russia called Kim Ung Sun to launder close to $600,000 in stolen money into cryptocurrency for the regime.
The Treasury sanctioned Shenyang Geumpungri, a Chinese company that the U.S. says also employs fraudulent IT workers on behalf of the North Korean government, as well as Sinjin, another North Korean front company for the IT workers’ scheme.
This is the latest round of sanctions targeting North Korea, as well as the U.S.-based facilitators who help support the North Korean’s sprawling money-stealing schemes. North Korea remains highly dedicated to stealing money and converting it into cryptocurrency to skirt the country’s ban on accessing the global financial system.
While the scheme is not new, North Koreans are increasingly effective at getting jobs at U.S. and other Western companies.
Security researchers in the past couple of years began raising the alarm about the North Korean IT workers’ schemes. Security firm CrowdStrike says North Korean hackers have infiltrated hundreds of companies in the United States alone by using fake documentation and deception techniques to gain employment.
The new sanctions mean U.S. companies, or any company doing business with a U.S. company, are barred from transacting or working with those listed by the Treasury. In practice, the Treasury rules put the legal responsibility on hiring companies to ensure they are not hiring North Koreans or other sanctioned individuals by mistake.
