U.S. Sanctions North Korean IT Worker Network Supporting WMD Programs
Summary:
The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) has imposed sanctions on two individuals and four entities tied to North Korea’s extensive revenue-generation schemes that directly fund its weapons programs. These operations involve dispatching IT workers worldwide under fraudulent identities to secure freelance contracts for software and mobile application development. The North Korean government confiscates up to 90% of these workers’ earnings, generating hundreds of millions of dollars annually. These funds are funneled into programs developing weapons of mass destruction (WMD) and ballistic missiles, in direct violation of international sanctions.
The sanctioned entities include Department 53, which oversees IT and software-related front companies to generate revenue; Korea Osong Shipping Co., which has operated North Korean IT workers in Laos since at least 2022; Chonsurim Trading Corporation, which manages another group of North Korean IT workers in Laos; and Liaoning China Trade Industry Co., Ltd., a China-based company supplying equipment such as computers, graphics cards, and network devices to support these activities. The sanctions also target Jong In Chol, the head of Chonsurim’s IT worker delegation in Laos, and Son Kyong Sik, a representative of Korea Osong Shipping Co. in China. These front companies and individuals use fake identities and aliases to engage with global clients and carry out software development projects.
Security Officer Comments:
This fraudulent scheme, operational since at least 2018, was brought into the spotlight in 2023 when North Korean IT workers were found infiltrating cryptocurrency and Web3 companies. These operatives compromised corporate networks, stole intellectual property, and increasingly demanded cryptocurrency ransoms to prevent the release of stolen data. Some reports even uncovered insider threats in the U.S., where individuals were paid monthly fees to host laptop farms that supported these operations. Cybersecurity firms, including Google-owned Mandiant, have observed a sharp rise in extortion attempts involving intellectual property theft, with demands for cryptocurrency reaching unprecedented levels.
The IT worker program is just one facet of North Korea’s broader strategy to generate revenue illegally. State-sponsored hacking groups routinely target developers with job-themed phishing lures to deploy malware capable of data and cryptocurrency theft. These activities are part of a wider campaign to sustain the regime’s weapons programs and to fund destabilizing efforts, such as supporting Russia’s war in Ukraine. Acting Under Secretary of the Treasury for Terrorism and Financial Intelligence, Bradley T. Smith, emphasized that the United States remains resolute in disrupting these global networks that facilitate North Korea’s illicit operations. These sanctions are the latest measure in an ongoing effort to curtail Pyongyang’s strategic and financial ambitions.
Link(s):
https://thehackernews.com/2025/01/us-sanctions-north-korean-it-worker.html
The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) has imposed sanctions on two individuals and four entities tied to North Korea’s extensive revenue-generation schemes that directly fund its weapons programs. These operations involve dispatching IT workers worldwide under fraudulent identities to secure freelance contracts for software and mobile application development. The North Korean government confiscates up to 90% of these workers’ earnings, generating hundreds of millions of dollars annually. These funds are funneled into programs developing weapons of mass destruction (WMD) and ballistic missiles, in direct violation of international sanctions.
The sanctioned entities include Department 53, which oversees IT and software-related front companies to generate revenue; Korea Osong Shipping Co., which has operated North Korean IT workers in Laos since at least 2022; Chonsurim Trading Corporation, which manages another group of North Korean IT workers in Laos; and Liaoning China Trade Industry Co., Ltd., a China-based company supplying equipment such as computers, graphics cards, and network devices to support these activities. The sanctions also target Jong In Chol, the head of Chonsurim’s IT worker delegation in Laos, and Son Kyong Sik, a representative of Korea Osong Shipping Co. in China. These front companies and individuals use fake identities and aliases to engage with global clients and carry out software development projects.
Security Officer Comments:
This fraudulent scheme, operational since at least 2018, was brought into the spotlight in 2023 when North Korean IT workers were found infiltrating cryptocurrency and Web3 companies. These operatives compromised corporate networks, stole intellectual property, and increasingly demanded cryptocurrency ransoms to prevent the release of stolen data. Some reports even uncovered insider threats in the U.S., where individuals were paid monthly fees to host laptop farms that supported these operations. Cybersecurity firms, including Google-owned Mandiant, have observed a sharp rise in extortion attempts involving intellectual property theft, with demands for cryptocurrency reaching unprecedented levels.
The IT worker program is just one facet of North Korea’s broader strategy to generate revenue illegally. State-sponsored hacking groups routinely target developers with job-themed phishing lures to deploy malware capable of data and cryptocurrency theft. These activities are part of a wider campaign to sustain the regime’s weapons programs and to fund destabilizing efforts, such as supporting Russia’s war in Ukraine. Acting Under Secretary of the Treasury for Terrorism and Financial Intelligence, Bradley T. Smith, emphasized that the United States remains resolute in disrupting these global networks that facilitate North Korea’s illicit operations. These sanctions are the latest measure in an ongoing effort to curtail Pyongyang’s strategic and financial ambitions.
Link(s):
https://thehackernews.com/2025/01/us-sanctions-north-korean-it-worker.html