The U.S. Treasury Department has imposed sanctions on a network of North Korean IT workers, accusing them of generating illicit revenue to support the country’s weapons of mass destruction (WMD) programs. This action highlights ongoing efforts to disrupt North Korea’s financial operations that contribute to its military ambitions.
Key Takeaways
- The U.S. sanctioned two individuals and four entities linked to North Korea’s IT worker network.
- These workers allegedly conceal their identities to secure freelance contracts globally.
- The North Korean regime reportedly retains up to 90% of the wages earned by these workers.
- The sanctions are part of a broader strategy to counter North Korea’s funding of WMD and ballistic missile programs.
Overview Of The Sanctions
On January 17, 2025, the U.S. Treasury’s Office of Foreign Assets Control (OFAC) announced sanctions against individuals and entities involved in a scheme that dispatches North Korean IT workers worldwide. These workers are said to engage in various IT projects, including software and mobile application development, while hiding their true identities.
The Treasury Department stated that the North Korean government exploits these overseas workers, withholding a significant portion of their earnings to fund its military programs. This operation is believed to generate hundreds of millions of dollars annually for the Kim regime.
Entities And Individuals Sanctioned
The sanctions target several key players in this network:
- Department 53 of The Ministry of the People’s Armed Forces – Allegedly generates revenue through front companies related to IT and software development.
- Korea Osong Shipping Co – A front company that has maintained North Korean IT workers in Laos since at least 2022.
- Chonsurim Trading Corporation – Another front company that has facilitated the deployment of DPRK IT workers in Laos.
- Liaoning China Trade Industry Co., Ltd – A China-based company that has supplied equipment to support the activities of North Korean IT workers abroad.
- Jong In Chol – President of Chonsurim’s DPRK IT worker delegation in Laos.
- Son Kyong Sik – Chief representative of Korea Osong Shipping Co in China.
These entities are accused of using false identities to communicate with clients and execute software development projects globally.
Background Of The IT Worker Scheme
The fraudulent IT worker scheme has gained attention since 2023, although it is believed to have been operational since at least 2018. Previous sanctions were imposed on companies like Yanbian Silverstar and Volasys Silver Star for similar activities.
Cybersecurity experts have identified this operation under various monikers, including Famous Chollima, Nickel Tapestry, UNC5267, and Wagemole. Recent analyses indicate that North Korean IT workers are increasingly infiltrating cryptocurrency and Web3 companies, posing significant risks to their networks and operations.
Implications Of The Sanctions
The U.S. government’s actions reflect a commitment to disrupting North Korea’s financial networks that support its destabilizing activities. Acting Under Secretary of the Treasury for Terrorism and Financial Intelligence, Bradley T. Smith, emphasized the importance of targeting these networks to prevent the regime from financing its illegal weapons programs and supporting global conflicts, such as Russia’s war in Ukraine.
The sanctions serve as a reminder of the ongoing challenges posed by North Korea’s cyber operations and the need for continued vigilance in the face of evolving threats. As the situation develops, the international community will be watching closely to see how these measures impact North Korea’s capabilities and its ability to fund its military ambitions.
Sources
- U.S. Sanctions North Korean IT Worker Network Supporting WMD Programs, The Hacker News.