Ethical Hacking News

U.S. Treasury Imposes Sanctions on North Korean Remote IT-Worker Scheme, Exposing $600K Crypto Transfers and $1M+ Profits



The U.S. Treasury has imposed new sanctions on two individuals and two entities for their role in a North Korean remote information technology (IT) worker scheme, exposing $600K crypto transfers and $1M+ profits. The Office of Foreign Assets Control targeted Vitaliy Sergeyevich Andreyev, Kim Ung Sun, Shenyang Geumpungri Network Technology Co., Ltd, and Korea Sinjin Trading Corporation for their involvement in the scheme. These sanctions aim to curb the illicit activities of North Korean IT workers and disrupt the regime's efforts to generate illicit revenue through cryptocurrency theft.

  • OFAC imposed sanctions on two individuals and two entities for their role in the North Korean remote information technology (IT) worker scheme.
  • The sanctions target Vitaliy Sergeyevich Andreyev, Kim Ung Sun, Shenyang Geumpungri Network Technology Co., Ltd, and Korea Sinjin Trading Corporation.
  • The sanctions aim to curb the illicit activities of North Korean IT workers who steal data and demand ransom from American businesses.
  • Chinyong, which has offices in China, Laos, and Russia, is one of many IT companies that have deployed IT workers to engage in freelance IT work and cryptocurrency theft.
  • The sanctions expand on previous sanctions imposed against Chinyong Information Technology Cooperation Company in May 2023.



    The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) has announced a fresh round of sanctions against two individuals and two entities for their role in the North Korean remote information technology (IT) worker scheme. This latest move aims to curb the illicit activities of the regime's IT workers, who have been stealing data and demanding ransom from American businesses.

    The sanctions were imposed on Vitaliy Sergeyevich Andreyev, Kim Ung Sun, Shenyang Geumpungri Network Technology Co., Ltd, and Korea Sinjin Trading Corporation. The Office of Foreign Assets Control stated that Andreyev has facilitated payments to Chinyong and has worked with Kim Ung Sun to conduct multiple financial transfers worth nearly $600,000 by converting cryptocurrency to cash in U.S. dollars since December 2024.

    The sanctions also target Shenyang Geumpungri, a Chinese front company for Chinyong that consists of a delegation of DPRK IT workers and has generated over $1 million in profits for Chinyong and Sinjin since 2021. The Office of Foreign Assets Control added that Sinjin is a DPRK company subordinate to the U.S.-sanctioned DPRK Ministry of People's Armed Forces General Political Bureau.

    The sanctions come as part of an ongoing effort by the Treasury Department to protect American businesses from these schemes and hold the guilty accountable. Under Secretary of the Treasury for Terrorism and Financial Intelligence John K. Hurley stated, "The North Korean regime continues to target American businesses through fraud schemes involving its overseas IT workers, who steal data and demand ransom." He further added that the U.S. Department of the Treasury is committed to protecting Americans from these schemes.

    The Office of Foreign Assets Control reported that Chinyong is one of many IT companies that have deployed IT workers to engage in freelance IT work and cryptocurrency theft. It has offices in China, Laos, and Russia. The sanctions also expand the scope of sanctions imposed against Chinyong Information Technology Cooperation Company in May 2023.

    The IT worker threat, also tracked as Famous Chollima, Jasper Sleet, UNC5267, and Wagemole, is assessed to be affiliated with the Workers' Party of Korea. At its core, the scheme works by embedding North Korean IT workers in legitimate companies in the U.S. and elsewhere, securing these jobs using fraudulent documents, stolen identities, and false personas on GitHub, CodeSandbox, Freelancer, Medium, RemoteHub, CrowdWorks, and WorkSpace.ru.

    Select cases have also involved the threat actors clandestinely introducing malware into company networks to exfiltrate proprietary and sensitive data, then extorting the companies in return for not leaking the information. The Office of Foreign Assets Control noted that these actors rely heavily on artificial intelligence (AI)-powered tools like Claude to create convincing professional backgrounds and technical portfolios, tailor resumes to specific job descriptions, and even deliver actual technical work.

    Anthropic published a report revealing how the employment fraud operation has leaned heavily on AI-powered tools like Claude. The report stated that "The most striking finding is the actors' complete dependency on AI to function in technical roles." These operators do not appear to be able to write code, debug problems, or even communicate professionally without Claude's assistance. Yet they're successfully maintaining employment at Fortune 500 companies according to public reporting, passing technical interviews, and delivering work that satisfies their employers.

    This report highlights the evolving nature of cyber threats and the critical role artificial intelligence plays in these schemes. The Office of Foreign Assets Control's actions demonstrate its commitment to addressing these emerging threats and protecting American businesses from malicious activities.

    The sanctions imposed by the U.S. Department of the Treasury are another step in this effort. By targeting key individuals and entities involved in the IT worker scheme, the Office of Foreign Assets Control aims to disrupt the illicit operations and prevent further exploitation.

    In addition to imposing sanctions, the Office of Foreign Assets Control is also working to raise awareness about these schemes and their impact on American businesses. The agency's efforts aim to educate companies about the risks associated with remote IT workers and the importance of implementing robust security measures to protect against these threats.

    In conclusion, the sanctions imposed by the U.S. Department of the Treasury are an important measure to curb the illicit activities of North Korean remote IT workers. The Office of Foreign Assets Control's actions demonstrate its commitment to addressing emerging threats and protecting American businesses from malicious activities.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/US-Treasury-Imposes-Sanctions-on-North-Korean-Remote-IT-Worker-Scheme-Exposing-600K-Crypto-Transfers-and-1M-Profits-ehn.shtml

  • https://thehackernews.com/2025/08/us-treasury-sanctions-dprk-it-worker.html


  • Published: Thu Aug 28 13:49:12 2025 by llama3.2 3B Q4_K_M












