Particle.news
Download on the App Store
18 ARTICLES
·
6h ago

U.S., Japan and South Korea Tighten Crackdown on North Korea’s Remote IT Worker Scheme With New Sanctions

Officials say the scheme converts stolen crypto plus remote pay into financing for prohibited weapons.

SEOUL, SOUTH KOREA - 2025/05/09: People watch a 24-hour Yonhap News TV broadcast on a large screen at Seoul Railway Station, showing footage of a joint striking drill involving long-range artillery and missile systems conducted by the Korean People's Army eastern front division at an undisclosed location in North Korea. North Korean leader Kim Jong Un oversaw a joint striking drill involving long-range artillery and a new variant of tactical ballistic missiles, reaffirming the combat readiness of the country’s nuclear forces, state media KCNA reported on May 9. The exercise featured a 600mm multiple rocket launcher and the Hwasongpho-11-Ka tactical ballistic missile. South Korea’s military detected multiple short-range ballistic missile launches from Wonsan between 8:10 and 9:20 a.m. on May 8—North Korea’s fourth missile test of the year. (Photo by Kim Jae-Hwan/SOPA Images/LightRocket via Getty Images)
This file photo, released by Reuters, shows a sign marking the U.S Treasury Department in Washington, D.C., on Aug. 6, 2018. (Yonhap)
Image
Image

Overview

  • The U.S. Treasury sanctioned two individuals and two entities — Kim Ung Sun, Vitaliy Sergeyevich Andreyev, Shenyang Geumpungri Network Technology, and Korea Sinjin Trading Corp. — for facilitating North Korea’s fraudulent IT worker network.
  • Treasury said Andreyev worked with Kim Ung Sun since December 2024 to convert nearly $600,000 in cryptocurrency to U.S. dollars, while the China-based front Shenyang Geumpungri generated more than $1 million in profits for Chinyong and Sinjin since 2021.
  • Washington’s action coincided with a joint U.S.-Japan-ROK statement pledging coordinated countermeasures and warning companies about legal, financial, and reputational risks tied to hiring deceptive DPRK IT operatives.
  • Japan issued an updated alert to industry, South Korea released advisories, and the three governments co-hosted a Tokyo forum on August 26 with Mandiant that brought together over 130 officials and private-sector stakeholders.
  • Officials say North Korean teams use stolen identities, false locations, AI tools, and foreign facilitators to secure freelance and remote roles, then steal data, siphon funds, and conduct ransomware and crypto theft.