8 hours ago
2
Summary:
- The U.S. Treasury has sanctioned entities from North Korea, Russia, and China over a scheme to place IT workers into global companies using stolen identities in order to steal data and collect revenue.
- The scheme is intended to funnel money back to North Korea’s weapons program as a workaround to U.S. sanctions.
- Newly sanctioned targets include a Russian national and a Chinese front company.
A crypto scam syndicate involving individuals and entities from North Korea, Russia, and China has been sanctioned by the United States Treasury’s Office of Foreign Assets Control (OFAC) for its alleged participation in a scheme that OFAC says is funneling crypto back to Pyongyang’s weapons programs.
The Treasury announced the sanctions on Wednesday. According to the release, North Korea is attempting to circumvent sanctions by posting IT workers—often using fraudulent and stolen identities—to foreign companies.
According to OFAC, the North Korean regime claims most of the earned wages and diverts them to its weapons programs. Additionally, posted IT workers have allegedly been caught planting malware into company networks and stealing data.
The sanctions follow an earlier move by OFAC in May, where it sanctioned the North Korean Chinyong Information Technology Cooperation Company. According to the OFAC release, the company employs ‘delegations’ of North Korean IT workers to operate in Russia and Laos.
“The DPRK maintains a workforce of thousands of highly skilled IT workers around the world, primarily located in the People’s Republic of China and Russia, to generate revenue that contributes to its unlawful WMD and ballistic missile programs.
“In some cases, DPRK IT workers can each earn more than $300,000 per year. These workers deliberately obfuscate their identities, locations, and nationalities, typically using fake personas, proxy accounts, stolen identities, and falsified or forged documentation to apply for jobs at these companies.”
The scheme involves payments made to the workers in digital assets, which are then converted to U.S. dollars and returned to North Korea.
The latest sanctions cast the net wider, ostensibly capturing more of the scheme. New additions include Russian national named Vitaliy Sergeyevich Andreyev, who is accused of facilitating payments to Chinyong. New sanctions were also implemented against Shenyang Guempungri Network Technology Co Ltd, allegedly a Chinese front company for the Chinyong entity. According to the Treasury release, Shenyang has earned over $1 million in profits.
As a result of the sanctions, all property owned by any of the targeted entities that exist in the U.S. or are in the control of Americans are frozen, as well as any entities in which they control more than 50%. Anyone who transacts with the sanctioned entities is also at risk of being targeted by sanctions.
“The North Korean regime continues to target American businesses through fraud schemes involving its overseas IT workers, who steal data and demand ransom,” said Under Secretary of the Treasury for Terrorism and Financial Intelligence John K. Hurley.
“Under President Trump, Treasury is committed to protecting Americans from these schemes and holding the guilty accountable.”
Click here for the Treasury’s official notice.
Watch: Digital Asset Recovery takes token recovery seriously
English (US) · 