US sanctions North Korea IT worker networks in Laos, Vietnam

The U.S. Treasury Department sanctioned six people and two companies for their work supporting the North Korean IT worker scheme in multiple countries. 

The latest round of sanctions targeted Amnokgang Technology Development Company — a North Korean company that manages delegations of IT workers — and Quangvietdnbg International Services Company — a Vietnamese firm used by North Korean actors for currency conversion services. The Treasury Department said Quangvietdnbg converted about $2.5 million for Amnokgang between 2023 and 2025. 

North Korea has tasked thousands of its citizens with secretly obtaining employment at U.S. companies and earning high-paying salaries that are then siphoned back to Pyongyang through a web of Chinese and Southeast Asian banks. The IT worker scheme allowed North Korea’s government to earn nearly $800 million in 2024, according to U.S. officials. 

In addition to the sanctioned companies, the measures also target six individuals spread across Vietnam, Laos and Spain. 

The CEO of Quangvietdnbg, Nguyen Quang Viet, was sanctioned alongside Do Phi Khanh and Hoang Van Nguyen — two men accused of opening bank accounts that intake the funds earned by IT workers. 

Thursday’s sanctions also include the disruption of another North Korean network operating out of Boten, Laos. The operation was run by North Korean national Yun Song Guk, who worked with Vietnamese national Hoang Minh Quang to transfer IT worker funds through local bank accounts. 

U.S. officials also accused Yun of working with Spanish national York Louis Celestino Herrera since 2024 to develop freelance IT service contracts. The Spanish Foreign Ministry did not respond to requests for comment about Herrera. 

Yun, Hoang and Herrera were all sanctioned as part of the U.S. actions on Thursday. 

Treasury Secretary Scott Bessent said U.S. agencies will continue to “follow the money” as they root out North Koreans who have been hired for IT work in the U.S. illegally. 

“The North Korean regime targets American companies through deceptive schemes carried out by its overseas IT operatives, who weaponize sensitive data and extort businesses for substantial payments,” Bessent said, adding that some North Korean workers have infected U.S. businesses with malware. 

Several of the people targeted on Thursday had direct financial ties to another North Korean national sanctioned by the U.S. in July 2025. That official, Kim Se Un, is accused of running significant parts of the North Korean IT worker operation in Vietnam and the State Department put a $3 million bounty on his head last year.