"Treasury Strikes at Front Companies Fueling North Korea’s IT Worker Fraud Empire"

The U.S. Treasury has imposed sanctions on two companies and two individuals for their alleged roles in a North Korea-led IT worker fraud scheme that spanned across China, Russia, and the Korean Peninsula. Shenyang Geumpungri Network Technology Co. in China and the South Korea Sinjin Trading Corporation were identified as key facilitators of the scam, which reportedly funneled over $1 million into North Korean accounts through falsified IT worker salaries and fraudulent activities. The Treasury’s Office of Foreign Assets Control (OFAC) emphasized that the sanctioned entities and individuals will now face financial freezes and legal consequences for any business dealings with them or their affiliated entities.

The Treasury’s announcement underscored the persistent threat posed by North Korean IT workers who infiltrate American businesses under false pretenses, often leading to data theft and ransom demands. Under Secretary of the Treasury for Terrorism and Financial Intelligence, John Hurley, highlighted the administration’s commitment to countering these schemes and holding perpetrators accountable. The sanctioning of Kim Ung Sun, a Russian-based economic and trade consular official for North Korea, and Vitaliy Sergeyevich Andreyev, a Russian accused of orchestrating the scam, further illustrates the international dimension of the operation.

This action builds on a series of recent U.S. efforts to counter North Korean digital fraud. In May 2025, OFAC targeted Chinese companies that facilitated the placement of North Korean IT workers in Western organizations. In June, the U.S. attempted to recover nearly $8 million in payments sent to the North Koreans through similar fraudulent methods. Earlier in the month, the Department of Justice pursued the recovery of over $1 million stolen from a New York-based business by North Korean IT workers. These efforts reflect an intensifying U.S. response to what cybersecurity firm Mandiant described as a pervasive issue among Fortune 500 companies.

Remote work, which gained widespread adoption post-pandemic, has enabled North Korean actors to expand their tactics beyond traditional cyberattacks and into the realm of embedded staff infiltration. These workers often operate with elevated access to company networks, increasing the potential for data exfiltration and financial exploitation. Mandiant reported that many large corporations have admitted to experiencing North Korean IT worker infiltration, underscoring the severity of the issue.

To complicate matters, North Korean scammers are increasingly leveraging advanced technologies, including deepfake methods, to bypass standard verification procedures during recruitment processes. These tactics have proven effective in deceiving employers and embedding fraudulent IT workers into critical organizations. In response, cybersecurity experts have recommended the implementation of robust verification protocols and continuous staff education to mitigate risks.

The Treasury’s actions have also drawn support from international partners. The Japanese and South Korean governments reportedly cooperated with U.S. authorities in the enforcement of these sanctions. Additionally, the U.S. has joined with regional partners in hosting roundtable discussions to develop countermeasures against the growing threat. These collaborative efforts indicate a broader strategy to address cross-border cybercriminal activities linked to North Korea.