- The US Treasury sanctioned Russian Vitaliy Sergeyevich Andreyev and others for aiding North Korea‘s fraudulent schemes targeting American businesses.
- These schemes involve North Korean IT workers overseas who steal data and demand ransom, supporting the regime’s weapons programs.
- Andreyev is linked to Chinyong Information Technology Cooperation Company and associated front companies in Russia, Laos, and China.
- The sanctioned crypto address connected to Andreyev has received over $600,000, tied to the June 2023 Atomic Wallet exploit attributed to North Korea‘s Lazarus Group.
- OFAC’s actions build on previous sanctions from July and include steps to help trace and block related crypto transactions.
On August 27, 2025, the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned Russian national Vitaliy Sergeyevich Andreyev, a North Korean individual, and two companies for helping North Korea target American businesses with fraud schemes using overseas IT workers. These workers steal data and demand ransom payments.
Andreyev is the only person designated today linked to a cryptocurrency address. OFAC also sanctioned Kim Ung Sun, who reportedly managed financial transfers of nearly $600,000 by converting cryptocurrency to US dollars. The actions build on previous sanctions from July 8 and July 24 aimed at stopping North Korea’s IT worker schemes.
North Korea places IT workers abroad in companies, especially in the crypto and Web3 fields. These workers use fake identities and the remote work culture to work legitimately while sending their pay to fund North Korea’s weapons programs. They also look for opportunities to exploit sensitive data or gain financially.
Andreyev is connected to Chinyong Information Technology Cooperation Company, a North Korean IT employer in Russia and Laos. Other sanctioned companies include Shenyang Geumpungri Network Technology, a Chinese front for Chinyong, and Korea Sinjin Trading Corporation, linked to North Korea’s Ministry of People’s Armed Forces General Political Bureau, which OFAC sanctioned in 2017.
One Bitcoin address tied to these sanctions has received over $600,000 and is linked back to the June 2023 Atomic Wallet exploit, associated with North Korea’s Lazarus Group. The funds move through several addresses and cross-chain bridges, a method North Korean actors use to hide transactions.
Elliptic, a blockchain analytics firm, has updated its tools to allow users to screen and trace transactions involving these sanctioned addresses, helping prevent the processing of funds connected to these individuals.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
Previous Articles:
- Commerce Secretary Proposes Putting U.S. GDP Statistics on Blockchain
- Google Confirms Python-Powered Layer-1 Blockchain for Institutions
- AI-Powered Claude Used in Sophisticated July 2025 Data Extortion Attack
- Aave Relaunches Institutional Platform Horizon for Tokenisation Boom
- Elliptic Launches Wallet Risk Tool for Banks Holding Stablecoin Reserves
