US sanctions Russian national and Chinese company over North Korean IT worker schemes
The U.S. Treasury Department announced new sanctions on Wednesday targeting key players in North Korea’s ongoing scheme to siphon money from companies through IT workers posing as Americans.
The Office of Foreign Assets Control (OFAC) said it is sanctioning Vitaliy Sergeyevich Andreyev, Kim Ung Sun and two companies — Shenyang Geumpungri Network Technology and Korea Sinjin Trading Corporation.
U.S. officials said the sanctions are part of an ongoing effort to punish organizations in the network of Chinyong Information Technology Cooperation, an IT company that employs many of the North Korean IT workers who work in Russia and Laos.
Chinyong was sanctioned in 2023, and since then the U.S. has targeted several related entities, as well as officials who continue to spin up subsidiaries and shell companies used to funnel IT worker earnings into North Korea’s weapons programs. The company has deep ties to North Korea’s Defense Ministry.
Andreyev is a Russian national allegedly working with North Korean economic and trade consular official Kim Ung Sun on the money laundering effort.
“Since at least December 2024, Andreyev has worked with Kim Ung Sun… to facilitate multiple financial transfers worth a total of nearly $600,000, by converting cryptocurrency to cash in U.S. dollars,” the Treasury Department explained.
OFAC also sanctioned Shenyang Geumpungri, an alleged Chinese front company for Chinyong that employs North Korean IT workers and has earned more than $1 million in profits since 2021.
The U.S. said it believes Shenyang Geumpungri is working with Korea Sinjin Trading Corporation — an organization housed within North Korea’s Ministry of People’s Armed Forces General Political Bureau.
“[Sinjin] has received directives from DPRK [Democratic People’s Republic of Korea] government officials regarding the DPRK IT workers that Chinyong deploys internationally,” the U.S. claimed.
The sanctions come one day after the State Department and government officials in Japan and South Korea convened a forum in Tokyo centered on ways the IT worker scheme can be addressed holistically.
The U.S. issued new sanctions around the IT worker schemes twice last month, and an Arizona woman was hit with an eight-year prison sentence in July for running a laptop farm that enabled North Korean workers to connect remotely to companies’ networks.
Law enforcement agencies in multiple countries have said North Korea uses stolen identity documents to get its citizens hired at Western companies, where they earn high-paying technology salaries and use their access to company systems for other money-making scams, including crypto thefts.
“The North Korean regime continues to target American businesses through fraud schemes involving its overseas IT workers, who steal data and demand ransom,” said John Hurley, undersecretary of the Treasury for terrorism and financial intelligence.
In a report on Wednesday, AI company Anthropic said its products have been used by teams of North Korean IT workers to secure and maintain remote employment positions at Fortune 500 technology companies.
Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.