- The U.S. Treasury sanctioned two people and two companies connected to North Korea’s illegal IT worker program.
- North Korean IT workers are accused of fraud, stealing data, and demanding ransom from U.S. businesses.
- Authorities say these operations use fake identities and Artificial Intelligence to get jobs and carry out attacks.
- The new sanctions target individuals and companies in Russia and China that allegedly helped move cryptocurrency and cash for North Korea.
- Previous and related sanctions targeted similar schemes and individuals tied to North Korean state-backed Hacking operations.
The U.S. Department of the Treasury announced new sanctions on August 28, 2025, against two individuals and two entities for their connection to a North Korean operation using remote IT workers. Officials say this scheme raises money for North Korea’s weapons and missile programs and targets U.S. companies.
The sanctions name Vitaliy Sergeyevich Andreyev, Kim Ung Sun, Shenyang Geumpungri Network Technology Co., Ltd, and Korea Sinjin Trading Corporation. According to the Treasury, these actions expand on earlier sanctions imposed against Chinyong Information Technology Cooperation Company in May 2023. The Treasury stated, “The North Korean regime continues to target American businesses through fraud schemes involving its overseas IT workers, who steal data and demand ransom,” according to John K. Hurley, Under Secretary of the Treasury for Terrorism and Financial Intelligence. For more details, see the official press release.
The Treasury described how these North Korean IT workers, known by investigators as Famous Chollima, Jasper Sleet, UNC5267, and Wagemole, secure jobs using fake documents and identities. They use freelance platforms such as GitHub, Medium, and Freelancer to pose as overseas professionals. Reports say some workers smuggle in Malware to steal company data and extort payments.
A recent report by Anthropic found that these workers rely heavily on artificial intelligence (AI) tools like Claude to create convincing résumés and technical work. Anthropic stated, “The most striking finding is the actors’ complete dependency on AI to function in technical roles… Yet they’re successfully maintaining employment at Fortune 500 companies, passing technical interviews, and delivering work that satisfies their employers.”
Investigations show that Andreyev has worked with Kim Ung Sun, a North Korean consular official in Russia, to move nearly $600,000 in cryptocurrency into U.S. dollars since December 2024. Shenyang Geumpungri, a Chinese company, allegedly acted as a front for deploying North Korean IT workers and generated over $1 million in profits since 2021 for Chinyong and Sinjin. The Treasury claims Sinjin is tied to North Korea’s Ministry of People’s Armed Forces and follows orders related to overseas IT activity.
Previous sanctions targeted related companies and individuals, including a recent case where an Arizona resident received an eight-year sentence for operating a “laptop farm” to facilitate North Korean IT worker access to overseas networks. Last month, sanctions also named a North Korean Hacker from the Andariel group and Russian nationals involved in moving funds for these operations.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
Previous Articles:
- Mastercard, Circle Launch USDC/EURC Settlements in EEMEA
- Webull Launches Crypto Trading in Australia With 240 Digital Assets
- Nvidia Q2 Earnings Beat Estimates, Stock Dips Amid China Halt
- Five Golden Rules for Safe AI Adoption and Data Protection at Work
- Ethereum ETFs Outpace Bitcoin With $455M Inflows, Rally Eyes $8K
