Network’s Scheme Harms American Businesses
WASHINGTON — Today, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned Vitaliy Sergeyevich Andreyev, Kim Ung Sun, Shenyang Geumpungri Network Technology Co., Ltd, and Korea Sinjin Trading Corporation for their roles in a fraudulent information technology (IT) worker scheme orchestrated by the Democratic People’s Republic of Korea (DPRK) government.
“The North Korean regime continues to target American businesses through fraud schemes involving its overseas IT workers, who steal data and demand ransom,” said Under Secretary of the Treasury for Terrorism and Financial Intelligence John K. Hurley. “Under President Trump, Treasury is committed to protecting Americans from these schemes and holding the guilty accountable.”
Today’s action expands on the designation of Chinyong Information Technology Cooperation Company, targeting additional entities in its network and combatting its use of cryptocurrency for sanctions evasion. These designations also build on several other actions OFAC has taken in the last several months to stop the DPRK’s IT worker schemes, including sanctions on July 8 and July 24.
This action is part of the United States’ whole-of-government effort to counter the DPRK’s wide-ranging revenue generation schemes, in close coordination with our allies and partners. As part of that collaboration, the Department of State and the foreign ministries of Japan and the Republic of Korea today issued a joint statement on the threats posed by DPRK IT workers.
DPRK IT WORKFORCE: REVENUE GENERATOR FOR THE REGIME
The DPRK utilizes IT workers to generate revenue for its illicit weapons of mass destruction and ballistic missile programs, in violation of U.S. and United Nations sanctions. The teams of IT workers typically use fraudulent documents, stolen identities, and false personas to deliberately obfuscate their identities and infiltrate legitimate companies, including in the United States and allied countries. The DPRK government claims the majority of the wages earned by these overseas IT workers in order to generate hundreds of millions of dollars for the regime’s weapons of mass destruction and ballistic missile programs. In some cases, these DPRK workers have also clandestinely introduced malware into company networks to exfiltrate proprietary and sensitive data. More information about the tactics utilized by DPRK IT workers and steps that can be taken to protect private networks can be found in the January 23, 2025 Federal Bureau of Investigation Public Service Announcement, North Korean IT Workers Conducting Data Extortion.
Additional information about the use of IT workers to generate revenue for the DPRK can be found in the May 16, 2022 IT Worker Advisory, issued by the Departments of State, Treasury and Justice.
OVerseas it worker network
OFAC’s action today designates an IT worker network that consists of a DPRK-based trading company, a Chinese front company, and two individuals that have provided financial assistance in order to generate revenue for the DPRK regime.
Vitaliy Sergeyevich Andreyev (Andreyev) is a Russian national facilitating payments to U.S.-designated Chinyong Information Technology Cooperation Company (Chinyong), an entity associated with the DPRK defense ministry that employs delegations of IT workers in Russia and Laos. Since at least December 2024, Andreyev has worked with Kim Ung Sun, a Russia-based DPRK economic and trade consular official, to facilitate multiple financial transfers worth a total of nearly $600,000, by converting cryptocurrency to cash in U.S. dollars. Andreyev is being designated pursuant to Executive Order (E.O.) 13687 for having materially assisted, sponsored, or provided financial, material, or technological support for, or goods or services to or in support of, Chinyong, a person whose property and interests in property are blocked pursuant to E.O. 13687. OFAC is designating Kim Ung Sun pursuant to E.O. 13687 for having acted or purporting to act for or on behalf of, directly or indirectly, the Government of North Korea.
Shenyang Geumpungri Network Technology Co., Ltd (Shenyang Geumpungri) is a Chinese front company for Chinyong, consisting of a delegation of DPRK IT workers. Since 2021, Shenyang Geumpungri’s delegation of DPRK IT workers has earned over $1 million in profits for Chinyong and Korea Sinjin Trading Corporation (Sinjin). Sinjin is a DPRK company subordinate to the U.S.-sanctioned DPRK Ministry of People’s Armed Forces General Political Bureau. The company has received directives from DPRK government officials regarding the DPRK IT workers that Chinyong deploys internationally. OFAC is designating Shenyang Geumpungri pursuant to E.O. 13687 for being owned or controlled by, or having acted or purported to act for or on behalf of, directly or indirectly, Chinyong. Sinjin is being designated pursuant to E.O. 13687 for being owned or controlled by, or having acted or purporting to act for or on behalf of, directly or indirectly, the Government of North Korea.
SANCTIONS IMPLICATIONS
As a result of today’s action, all property and interests in property of the designated or blocked persons described above that are in the United States or in the possession or control of U.S. persons are blocked and must be reported to OFAC. In addition, any entities that are owned, directly or indirectly, individually or in the aggregate, 50 percent or more by one or more blocked persons are also blocked. Unless authorized by a general or specific license issued by OFAC, or exempt, OFAC’s regulations generally prohibit all transactions by U.S. persons or within (or transiting) the United States that involve any property or interests in property of blocked persons.
Violations of U.S. sanctions may result in the imposition of civil or criminal penalties on U.S. and foreign persons. OFAC may impose civil penalties for sanctions violations on a strict liability basis. OFAC’s Economic Sanctions Enforcement Guidelines provide more information regarding OFAC’s enforcement of U.S. economic sanctions. In addition, financial institutions and other persons may risk exposure to sanctions for engaging in certain transactions or activities involving designated or otherwise blocked persons. The prohibitions include the making of any contribution or provision of funds, goods, or services by, to, or for the benefit of any designated or blocked person, or the receipt of any contribution or provision of funds, goods, or services from any such person.
Furthermore, engaging in certain transactions involving the persons designated today may risk the imposition of secondary sanctions on participating foreign financial institutions. OFAC can prohibit or impose strict conditions on opening or maintaining, in the United States, a correspondent account or a payable-through account of a foreign financial institution that knowingly conducts or facilitates any significant transaction on behalf of a person who is designated pursuant to the relevant authority.
The power and integrity of OFAC sanctions derive not only from OFAC’s ability to designate and add persons to the Specially Designated Nationals and Blocked Persons List (SDN List), but also from its willingness to remove persons from the SDN List consistent with the law. The ultimate goal of sanctions is not to punish, but to bring about a positive change in behavior. For information concerning the process for seeking removal from an OFAC list, including the SDN List, or to submit a request, please refer to OFAC’s guidance on Filing a Petition for Removal from an OFAC List.
Click here for more information on the persons designated today.
###