The U.S. Treasury has sanctioned an international fraud network used by North Korea to infiltrate American companies. The scheme involves hackers posing as legitimate job seekers using fake identities and documents. Once employed, these individuals earn a wage while also stealing sensitive company data and extorting their employers for ransom payments.
In a recent statement, the Treasury revealed this fraud network generated at least one million dollars in profits for the North Korean regime. This is one of many such operations that have raised billions in stolen funds, including cryptocurrency, to finance the country’s internationally sanctioned nuclear weapons program.
As part of its latest enforcement action, the Treasury sanctioned Vitaliy Sergeyevich Andreyev, a Russian national accused of working with North Koreans to facilitate payments to a company called Chinyong. The Treasury says Chinyong employs delegations of fraudulent IT workers based in Russia and Laos.
The U.S. alleges that Andreyev worked with a North Korean consular official based in Russia, Kim Ung Sun, to launder nearly six hundred thousand dollars in stolen money into cryptocurrency for the regime.
The Treasury also sanctioned Shenyang Geumpungri, a Chinese company that employs fraudulent IT workers on behalf of the North Korean government, as well as Sinjin, another North Korean front company involved in the IT worker scheme.
This marks the latest round of sanctions targeting North Korea and its U.S.-based facilitators who support these sprawling money-stealing operations. North Korea remains highly dedicated to stealing money and converting it into cryptocurrency to circumvent the country’s ban on accessing the global financial system. While not a new scheme, North Korean operatives are becoming increasingly effective at securing jobs within U.S. and other Western companies.
Security researchers have raised the alarm about these IT worker schemes over the past few years. Security firm CrowdStrike reports that North Korean hackers have infiltrated hundreds of companies in the United States alone by using fake documentation and deception techniques to gain employment.
These new sanctions prohibit U.S. companies, or any company doing business with a U.S. company, from transacting with the designated individuals and entities. In practice, the Treasury rules place the legal responsibility on hiring companies to ensure they are not inadvertently employing North Koreans or other sanctioned individuals.