Treasury targets North Korean IT worker network funding weapons programs

Webp johnhurley
John K. Hurley, Undersecretary of the Treasury for Terrorism and Financial Intelligence | U.S. Department Of Treasury

Treasury targets North Korean IT worker network funding weapons programs

ORGANIZATIONS IN THIS STORY

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has announced sanctions against several individuals and entities for their involvement in a fraudulent information technology (IT) worker scheme connected to the Democratic People’s Republic of Korea (DPRK). The action targets Vitaliy Sergeyevich Andreyev, Kim Ung Sun, Shenyang Geumpungri Network Technology Co., Ltd, and Korea Sinjin Trading Corporation.

According to the Treasury Department, these individuals and companies participated in a network that enabled DPRK IT workers to generate revenue for North Korea’s weapons programs. “The North Korean regime continues to target American businesses through fraud schemes involving its overseas IT workers, who steal data and demand ransom,” said Under Secretary of the Treasury for Terrorism and Financial Intelligence John K. Hurley. “Under President Trump, Treasury is committed to protecting Americans from these schemes and holding the guilty accountable.”

This latest round of sanctions builds on previous actions by OFAC against similar networks, including designations made earlier in July 2025. The department stated that today’s measures are part of a broader effort with international partners to counter North Korea’s revenue generation tactics.

The sanctioned network includes a Russian national, Andreyev, who facilitated payments to Chinyong Information Technology Cooperation Company—a firm associated with the DPRK defense ministry—by converting cryptocurrency into cash totaling nearly $600,000 since December 2024. Andreyev worked alongside Kim Ung Sun, a DPRK official based in Russia.

Shenyang Geumpungri Network Technology Co., Ltd is described as a Chinese front company operating on behalf of Chinyong. Since 2021, it has generated over $1 million in profits for both Chinyong and Korea Sinjin Trading Corporation. Sinjin is linked to the DPRK Ministry of People’s Armed Forces General Political Bureau.

The Treasury Department explained that DPRK IT workers often use false documents and stolen identities to secure jobs at legitimate companies worldwide. Their wages are largely claimed by the North Korean government to fund weapons development efforts. In some cases, these workers have introduced malware into company systems to steal sensitive data.

As a result of these sanctions, all property belonging to the designated persons within U.S. jurisdiction is blocked and must be reported to OFAC. Entities owned 50 percent or more by one or more blocked persons are also affected by these restrictions. U.S. persons are generally prohibited from engaging in transactions involving these individuals or entities unless authorized by OFAC.

Violations may lead to civil or criminal penalties for both U.S. and foreign persons involved in prohibited transactions. Financial institutions may also face secondary sanctions if they conduct significant business with those designated.

OFAC noted that its goal with sanctions is not punishment but encouraging positive behavioral change among targeted parties. Guidance on seeking removal from sanction lists is available through OFAC resources.

For further details about this action and those designated today, visit the Treasury Department's website.

ORGANIZATIONS IN THIS STORY