The U.S. Treasury Department has sanctioned a network of individuals and front companies connected to North Korea‘s Ministry of National Defense. These sanctions target organizations such as Korea Osong Shipping Co., Chonsurim Trading Corporation, and Liaoning China Trade, which have been linked to illegal remote IT work schemes. These companies were involved in generating revenue through fraudulent IT work, which was funneled into supporting North Korea’s weapons programs, including the development of mass destruction weapons and ballistic missiles. The U.S. continues its efforts to disrupt the regime’s destabilizing activities and prevent further illegal activities related to IT work.
The sanctions, enforced by the Treasury’s Office of Foreign Assets Control (OFAC), prohibit U.S. citizens and organizations from conducting transactions with these entities. Any assets associated with these sanctioned individuals and companies in the U.S. will be frozen, and U.S. financial institutions involved in transactions with them could face penalties. Additionally, the State Department is offering up to $5 million in rewards for information that helps dismantle the operations of two other North Korean front companies, Yanbian Silverstar and Volasys Silverstar, which have collectively generated over $88 million in illegal remote IT work in the past six years.
North Korea has developed a network of “IT warriors” who operate under false identities
They secure freelance IT contracts worldwide. These workers, many of whom are based outside North Korea, impersonate U.S.-based IT staff and use U.S.-based laptop farms to access enterprise networks. They circumvent sanctions by pretending to be U.S. employees while funneling earnings back to the North Korean regime, which takes up to 90% of their wages. These schemes have generated hundreds of millions of dollars each year, which is used to fund North Korea’s military and weapons programs.
In addition to securing illicit contracts, some of these IT workers have engaged in further illicit activity by threatening former employers. After being discovered and fired, they have used insider knowledge to extort companies, threatening to leak sensitive data unless paid off. The U.S. government, including the FBI, has repeatedly warned about the risks posed by these workers and has taken action to address the ongoing threat posed by North Korea’s expansive IT operations.