U.S. Treasury Sanctions DPRK IT-Worker Scheme, Exposing $600K Crypto Transfers and $1M+ Profits
Briefly

OFAC imposed sanctions on two individuals and two entities for involvement in a North Korean remote IT worker scheme that generates illicit revenue for weapons of mass destruction and ballistic missile programs. The targeted individuals and firms include Vitaliy Sergeyevich Andreyev, Kim Ung Sun, Shenyang Geumpungri Network Technology Co., Ltd, and Korea Sinjin Trading Corporation, and the action broadens prior measures against Chinyong Information Technology Cooperation Company. Chinyong is linked to deploying IT workers for freelance work and cryptocurrency theft and maintains offices in China, Laos, and Russia. The scheme embeds North Korean IT workers in legitimate companies using fraudulent documents, stolen identities, and false online personas across multiple development and freelancing platforms, sometimes introducing malware to exfiltrate data and extort victims. The activity is tracked under multiple cluster names and is assessed to be affiliated with the Workers' Party of Korea, prompting Treasury actions to protect U.S. businesses and hold perpetrators accountable.
The years-long IT worker threat, also tracked as Famous Chollima, Jasper Sleet, UNC5267, and Wagemole, is assessed to be affiliated with the Workers' Party of Korea. At its core, the scheme works by embedding North Korean IT workers in legitimate companies in the U.S. and elsewhere, securing these jobs using fraudulent documents, stolen identities, and false personas on GitHub, CodeSandbox, Freelancer, Medium, RemoteHub, CrowdWorks, and WorkSpace.ru.
The key players targeted include Vitaliy Sergeyevich Andreyev, Kim Ung Sun, Shenyang Geumpungri Network Technology Co., Ltd, and Korea Sinjin Trading Corporation. The latest effort expands the scope of sanctions imposed against Chinyong Information Technology Cooperation Company in May 2023. Chinyong, according to insider risk management firm DTEX, is one of the many IT companies that have deployed IT workers to engage in freelance IT work and cryptocurrency theft. It has offices in China, Laos, and Russia.
Read at The Hacker News