U.S. Sanctions Target North Korea’s Hidden IT Worker Network and Crypto Laundering

The United States Treasury has imposed new sanctions on people and companies linked to North Korea’s illegal use of remote IT workers. Officials said the scheme is designed to secretly earn money for Pyongyang, which then directs the funds toward its prohibited weapons programs.

The sanctions list names two individuals and two companies accused of running and supporting this network. They are identified as Vitaliy Sergeyevich Andreyev, Kim Ung Sun, Shenyang Geumpungri Network Technology Co., Ltd., and Korea Sinjin Trading Corporation. According to the Treasury, these actors have played key roles in generating profits for North Korea.

Investigators found that Andreyev and Kim worked together to convert cryptocurrency into cash. Records showed nearly six hundred thousand dollars in crypto transactions had been processed since late 2024. Authorities believe this activity was carried out specifically to disguise the origin of the money and to move it into North Korean hands.

The Treasury also highlighted Shenyang Geumpungri Network Technology, a Chinese-based company acting as a front for North Korean IT workers. Since 2021, this group alone has generated more than one million dollars in profits, funneling the money back to North Korean organizations. These profits are believed to strengthen entities linked to the regime.

Korea Sinjin Trading Corporation, the other sanctioned entity, has long been tied to the country’s military political bureau. By adding this group to the sanctions list, U.S. officials aim to further restrict its ability to do business abroad and block any access to the international financial system.

The scheme itself is based on North Korean IT workers being placed in legitimate-looking jobs overseas. They often rely on stolen or fake identities to secure contracts, and their wages are secretly redirected back into the network. Some of these workers have also been linked to cyber activities that add to the revenue stream.

Washington has stressed that this action is part of a broader effort with its allies to cut off North Korea’s access to funding. Previous moves targeted similar networks, and this new step builds on the momentum to close loopholes and expose new methods used by the regime.

Analysts note that cryptocurrency continues to play a major role in these operations. Digital assets are used to hide transactions, move funds quickly across borders, and cash out through global exchanges. U.S. officials have repeatedly warned that these tools make it easier for Pyongyang to sustain its illicit networks.

Law enforcement agencies in the United States have also been pursuing related criminal cases. In some instances, they uncovered so-called “laptop farms,” where DPRK workers pretended to be legitimate employees for overseas companies. These investigations show how global and complex the North Korean IT-worker operations have become.

The Treasury emphasized that any U.S. person or business dealing with the sanctioned individuals or companies is prohibited from doing so. Financial institutions that process such transactions risk heavy penalties. The ultimate goal, officials said, is to block the flow of money that North Korea relies on to support its weapons development programs.

Stay alert, and keep your security measures updated!

Source: Follow cybersecurity88 on X and LinkedIn for the latest cybersecurity news