The US Treasury Department’s Office of Foreign Assets Control (OFAC) has announced new sanctions on two individuals and two entities for its role in North Korea’s remote information technology (IT) worker scheme to generate illegal revenue for the administration’s mass destruction and ballistic missile programme.
“The North Korean administration continues to target American companies through fraud schemes involving overseas IT workers stealing data and demanding ransom,” said Treasury Secretary John K. Hurley, Treasury Secretary of Terrorism and Financial Information. “Under President Trump, the Treasury Department is committed to protecting Americans from these schemes and maintaining guilty accountability.”
Key players eligible include Vitaliy Sergeyevich Andreyev, Kim Ung Sun, Shekenyang Geumpungri Network Technology Co., Ltd, and Korea Sinjin Trading Corporation. The latest initiative will expand the scope of sanctions imposed on the Chinyong Information Technology Corporation Company in May 2023.
According to insider risk management company DTEX, Chinyong is one of many IT companies that have deployed IT workers to engage in freelance IT work and cryptocurrency theft. We have offices in China, Laos and Russia.
The long-standing IT workers threat, tracked as well as the famous Cholima, Jasper Slidor, UNC5267 and Wagemole, is rated as partnering with the South Korean Workers’ Party. The scheme works by embedding North Korean IT workers in legal businesses in the US and elsewhere and securing these jobs using fraudulent documents, stolen identities and false personas from GitHub, CodeSandbox, Freelancer, Medium, Medile, Crowdworks, Workspace.ru.
Also, in some cases, threat actors secretly introduce malware into their company’s networks, removing their own sensitive data and forcing them in return if they don’t leak information.
In a report released Wednesday, humanity unveiled how employment fraud businesses can lean heavily towards AI-powered tools, creating compelling professional backgrounds and technical portfolios, responding to specific job descriptions and even delivering actual technical work.
“The most impressive discovery is the actor’s complete reliance on AI to function in technical roles,” Humanity said. “It appears that these operators cannot even write code, debug issues, or communicate professionally without Claude’s support. However, they are able to maintain good employment at Fortune 500 companies (via public reporting), pass technical interviews, and provide work to satisfy employers.”
The Treasury Ministry said that Andreiyev, a 44-year-old Russian citizen, will promote payments to Jinyoung and work with official Kim Un Sang of the Russian-based North Korean economic consulate to carry out multiple financial transfers worth almost $600,000, from December 2024 by converting cryptocurrency into US dollar cash.
Added to the department, Shekenyang Geumpungri is Chinyong’s Chinese front company, made up of a delegation of DPRK IT workers, which has generated more than $1 million in profits for Chinyong and Sinjin since 2021.
“Shinjin is DPRK [Democratic People’s Republic of Korea] The Treasury is subordinate to the US-approved General Politics Bureau of the Ethnic Army of the DPRK Province.
The announcement has been just over a month since the Ministry of Finance approved North Korean front company (Korea Sobeksh trading company) and three related individuals (Kim Se Un, Jo Kyong Hun and Myong Chol Min) for their involvement in the IT worker scheme. In parallel, Arizona women were given eight years in prison for running a laptop farm that allowed actors to connect remotely to corporate networks.
Last month, the sector approved Song Kum Hyok, a member of the North Korean hacking group called Andariel, along with Russian citizens (Asatryan LLC, Fortuna LLC, Korea Sonkwang Trading General Corporation and South Korea Saenal Trading Corporation).
Source link
