The U.S. treasury announced on Wednesday that it has sanctioned an international fraud network used by North Korea to infiltrate U.S. companies with hackers posing as legitimate job seekers. The Treasury said that the fraud network generated at least $1 million in profits for the North Korean regime, one of many such schemes that have helped raise billions of dollars in stolen funds including cryptocurrency to fund its internationally sanctioned nuclear weapons program.
Sanctions were imposed on Vitaliy Sergeyevich Andreyev, Kim Ung Sun, Shenyang Geumpungri Network Technology Co., Ltd, and Korea Sinjin Trading Corporation.
READ: We will change H-1B visas, green card system: Commerce Secretary Lutnick (August 26, 2025)
“The North Korean regime continues to target American businesses through fraud schemes involving its overseas IT workers, who steal data and demand ransom,” Undersecretary of the Treasury for Terrorism and Financial Intelligence John K. Hurley said. “Under President Trump, Treasury is committed to protecting Americans from these schemes and holding the guilty accountable.”
Andreyev, a Russian national, was accused of working with the North Koreans to facilitate payments to a company called Chinyong. The Treasury, which sanctioned Chinyong in 2024, says the company employs delegations of fraudulent IT workers based in Russia and Laos. The U.S. claims Andreyev worked with a North Korean consular official based in Russia called Kim Ung Sun to launder close to $600,000 in stolen money into cryptocurrency for the regime.
Shenyang Geumpungri is a Chinese company which, according to the U.S, also employs fraudulent IT workers on behalf of the North Korean government. Sinjin is another front company for the IT workers’ scheme.
This is the latest round of sanctions targeting North Korea, as well as the U.S.-based facilitators involved in these North Korean schemes. According to security firm Crowdstrike, North Korean hackers have infiltrated hundreds of companies in the United States alone by using fake documentation and deception techniques to gain employment.
The U.S Treasury claims that North Korea utilizes IT workers to generate revenue for its illicit weapons of mass destruction and ballistic missile programs, in violation of U.S. and United Nations sanctions. The teams of IT workers typically use fraudulent documents, stolen identities, and false personas to deliberately obfuscate their identities and infiltrate legitimate companies, including in the United States and allied countries.
The sanctions bar U.S. companies, as well as foreign firms doing business with them, from transacting or working with entities listed by the Treasury. In practice, this places the legal responsibility on employers to ensure they are not inadvertently hiring North Koreans or other sanctioned individuals.