US sanctions fraud network used by North Korean ‘remote IT workers’ to seek jobs and steal money

The U.S. Treasury has taken decisive action against a global fraud network employed by North Korea, which has been infiltrating American companies through hackers masquerading as legitimate job applicants. This latest round of sanctions, announced on Wednesday, is part of ongoing efforts to thwart North Korean operatives from using false identities to secure employment in the U.S. Once hired, these cybercriminals not only receive salaries but also engage in stealing sensitive information and extorting their employers for ransom. According to Treasury officials, this fraudulent network has reportedly generated over $1 million for the North Korean regime, contributing to a broader scheme that has reportedly raised billions in illicit funds, including cryptocurrency, to advance its nuclear weapons program despite international sanctions. As part of these sanctions, Vitaliy Sergeyevich Andreyev, a Russian individual, has been identified as a key facilitator in this operation, allegedly helping to process payments for a company named Chinyong, which was itself sanctioned in 2024. The Treasury claims that Chinyong has been employing fraudulent IT workers from Russia and Laos on behalf of North Korea. Moreover, Andreyev is said to have collaborated with Kim Ung Sun, a North Korean consular official in Russia, to launder nearly $600,000 in stolen funds into cryptocurrency for the regime. Additional sanctions have been placed on Shenyang Geumpungri, a Chinese firm implicated in the scheme, as well as Sinjin, another North Korean front company involved in recruiting IT workers. These measures represent a continuation of the U.S. government's commitment to dismantling North Korea's extensive operations aimed at stealing wealth and converting it into cryptocurrency to bypass restrictions on their access to the global financial system. Security experts have raised concerns over the increasing effectiveness of North Korean cyber operatives in securing positions within U.S. and Western companies. CrowdStrike, a cybersecurity firm, has previously warned that North Korean hackers have successfully infiltrated numerous U.S. businesses by employing deception tactics and counterfeit documentation. The implications of these sanctions mean that U.S. companies, as well as any businesses engaging with them, are now legally prohibited from dealing with the entities listed by the Treasury. Consequently, hiring firms must exercise due diligence to avoid inadvertently employing sanctioned individuals from North Korea.