HIPAA Times news | Concise, reliable news and insights on HIPAA compliance and regulations

US sanctions North Korean IT network aiding weapons program

Written by Farah Amod | Sep 23, 2025 1:00:44 PM

New sanctions target individuals and companies facilitating illicit IT worker schemes linked to North Korea.

 

What happened

The U.S. Treasury’s Office of Foreign Assets Control (OFAC) has imposed sanctions on two individuals and two companies for supporting North Korean IT worker operations that undermine U.S. organizations. These schemes place DPRK-linked tech workers, often using fake or stolen identities, into U.S. companies, where they earn money covertly for the North Korean regime. The workers may also compromise company systems through data theft or sabotage if their identities are discovered.

 

Going deeper

The sanctioned individuals include Russian national Vitaliy Sergeyevich Andreyev, who facilitated financial transactions for North Korea’s IT worker programs, and Kim Ung Sun, a DPRK consular official in Russia who coordinated fund transfers for these efforts.

Two entities were also sanctioned:

  • Shenyang Geumpungri Network Technology Co., Ltd, a Chinese front company housing DPRK IT workers, which generated over $1 million in profit for North Korean state-linked organizations.
  • Korea Sinjin Trading Corporation, a sanctioned DPRK firm under the Ministry of People’s Armed Forces, which oversees deployment and earnings from North Korea’s overseas tech labor force.

Bleeping Computer reported that Andreyev used a Bitcoin wallet on a mainstream exchange to convert and launder the IT workers’ cryptocurrency earnings, around $600,000 in total.

 

What was said

The Treasury Department stated that these actions are part of broader efforts to disrupt North Korea’s revenue channels, particularly those involving cryptocurrency. OFAC reiterated that U.S. persons and companies are barred from doing business with the sanctioned individuals or entities, and that secondary sanctions may apply to international actors aiding these operations.

 

FAQs

What is a “laptop farm”?

A laptop farm is a setup where multiple devices are controlled remotely or by proxy to simulate various worker locations and identities, helping IT operatives hide their true origin. It is often used by North Korean freelancers.

 

How do North Korean IT workers infiltrate U.S. companies?

They typically use stolen, fake, or borrowed identities to apply for remote tech jobs, sometimes through third-party freelance platforms, allowing them to operate under the radar.

 

What are secondary sanctions and who can they affect?

Secondary sanctions apply to non-U.S. individuals or companies that knowingly help sanctioned parties. These penalties can include asset freezes or restrictions on doing business with U.S. firms.

 

Why is cryptocurrency commonly used in these schemes?

Cryptocurrency offers a semi-anonymous way to move funds across borders without traditional banking oversight, making it useful for laundering or transferring money covertly.

 

How do these sanctions impact private U.S. businesses?

American companies are prohibited from engaging with the sanctioned entities and individuals. Those that unknowingly hire DPRK IT workers may face reputational damage, legal consequences, or data breaches.