Treasury sanctions North Korea over remote IT worker schemes | CyberScoop<\/title> <meta name=\"description\" content=\"Treasury announced sanctions Thursday against two people and four entities allegedly involved in illicit remote IT workforce operations.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/treasury-sanctions-north-korea-over-remote-it-worker-schemes\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Treasury sanctions North Korea over remote IT worker schemes\"> <meta property=\"og:description\" content=\"Treasury announced sanctions Thursday against two people and four entities allegedly involved in illicit remote IT workforce operations.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/treasury-sanctions-north-korea-over-remote-it-worker-schemes\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:published_time\" content=\"2025-01-16T22:22:17+00:00\"> <meta property=\"article:modified_time\" content=\"2025-01-16T22:22:19+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/01\/treasury-sanctions-north-korea-over-remote-it-worker-schemes-2.jpg\"> <meta property=\"og:image:width\" content=\"1920\"> <meta property=\"og:image:height\" content=\"1024\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"Greg Otto\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@gregotto\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1732206022g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1736278014g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1732010462g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=ddc036fa194c40cf406f\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/83178\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.7.1\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=83178\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Ftreasury-sanctions-north-korea-over-remote-it-worker-schemes%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Ftreasury-sanctions-north-korea-over-remote-it-worker-schemes%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-83178 single-format-standard\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/treasury-sanctions-north-korea-over-remote-it-worker-schemes\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--event js-stickybar\">\n<div class=\"stickybar__details\" readability=\"5.12\">\n<div class=\"stickybar__info js-sticky-bar-content\" readability=\"32\">\n<p>Nominations can be submitted for the 2025 CyberScoop 50 awards!<\/p>\n<\/div>\n<p> <a class=\"stickybar__link button button-tertiary\" href=\"https:\/\/cyberscoop.com\/cyberscoop50\/\">Click here!<\/a> <\/div>\n<p> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"26.222493887531\">\n<div class=\"single-article__header-content\" readability=\"36.167512690355\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/treasury-sanctions-north-korea-over-remote-it-worker-schemes\/\"> <span>Government<\/span> <\/a> <\/li>\n<\/ul>\n<p> The North Korean office responsible for the scheme, Department 53, was created to funnel money back into the country\u2019s weapons programs. <\/p>\n<p>  <br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/83178\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p>  <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p>  <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p>  <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"341\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/01\/treasury-sanctions-north-korea-over-remote-it-worker-schemes.jpg?resize=640%2C341&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt=\"Pyongyang, North Korea\" decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/01\/treasury-sanctions-north-korea-over-remote-it-worker-schemes-2.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/01\/treasury-sanctions-north-korea-over-remote-it-worker-schemes-2.jpg?resize=300,160 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/01\/treasury-sanctions-north-korea-over-remote-it-worker-schemes-2.jpg?resize=768,410 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/01\/treasury-sanctions-north-korea-over-remote-it-worker-schemes-2.jpg?resize=1024,546 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/01\/treasury-sanctions-north-korea-over-remote-it-worker-schemes-2.jpg?resize=1536,819 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/01\/treasury-sanctions-north-korea-over-remote-it-worker-schemes-2.jpg?resize=600,320 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/01\/treasury-sanctions-north-korea-over-remote-it-worker-schemes-2.jpg?resize=1200,640 1200w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/01\/treasury-sanctions-north-korea-over-remote-it-worker-schemes-2.jpg?resize=1500,800 1500w\" sizes=\"(max-width: 1200px) 100vw, 1200px\"><figcaption> (Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"38.408967391304\"><body readability=\"77.502081165453\"><\/p>\n<p>The U.S. Treasury Department announced sanctions Thursday against two individuals and four entities allegedly involved in generating revenue for North Korea through illicit remote IT workforce operations, the latest salvo in ongoing efforts to disrupt financial streams that support Pyongyang\u2019s weapons programs.<\/p>\n<p>The sanctions focus on efforts in which North Korea sent thousands of skilled IT professionals outside of the country to secure freelance jobs under false pretenses and funnel their salaries back to Pyongyang. According to the U.S. Treasury\u2019s Office of Foreign Assets Control (OFAC), the North Korean government took up to 90% of earnings from this labor, directing the funds into programs responsible for developing weapons of mass destruction and ballistic missiles.<\/p>\n<p>According to OFAC, the North Korean office responsible for the scheme, Department 53, was created by the country\u2019s Ministry of National Defense to make money through front companies in various industries like IT and software development, along with selling advanced military communications equipment and weapons. Treasury says that Department 53 was behind two front companies, Korea Osong Shipping Co. and Chonsurim Trading Corporation, that sent IT workers to Laos to gain employment working on various software projects.<\/p>\n<p>OFAC also sanctioned Chinese company Liaoning China Trade Industry Co., Ltd., accusing it of supplying crucial technological equipment to Department 53 in order to facilitate IT operations abroad. Two individuals, Jong In Chol and Son Kyong Sik, were also sanctioned for their roles in running the Department 53 front companies.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>North Korea \u201ccontinues to rely on its thousands of overseas IT workers to generate revenue for the regime, to finance its illegal weapons programs, and to enable its support of Russia\u2019s war in Ukraine,\u201d said Bradley T. Smith, acting under secretary of the Treasury for terrorism and financial intelligence. \u201cThe United States remains resolved to disrupt these networks, wherever they operate, that facilitate the regime\u2019s destabilizing activities.\u201d<\/p>\n<p>The use of North Koreans for remote IT work, albeit unknowingly, has been an ongoing issue the U.S. government has tried to thwart over the past two years. Reports from cybersecurity firms over the past year have found that North Korea <a href=\"https:\/\/cyberscoop.com\/north-korean-it-workers-secureworks-report\/\">goes to great lengths<\/a> to keep the schemes active, creating entire fake networks of employees and companies to provide operatives with work references, redirect payments and, in at least one case, replace other operatives once they were fired or left a company. <\/p>\n<p>Additionally, North Koreans have also found people in the United States willing to aid their schemes. Last August, <a href=\"https:\/\/cyberscoop.com\/north-korea-it-worker-fraud-tennesee-justice-department\/\">a Tennessee man was arrested<\/a> for allegedly using stolen identities to obtain remote work for North Korean nationals, who were masquerading as U.S. citizens. <\/p>\n<p>Additionally, the Justice Department <a href=\"https:\/\/cyberscoop.com\/court-indicts-14-north-korean-it-workers-tied-to-88-million-in-illicit-gains\/\">indicted 14 North Koreans in December<\/a>, after they generated at least $88 million throughout a conspiracy that stretched over approximately six years.<\/p>\n<p>As the government has been public about these schemes, tech companies have been transparent about their efforts to uncover these workers amidst their staff. Security awareness and training software company <a href=\"https:\/\/cyberscoop.com\/cyber-firm-knowbe4-hired-a-fake-it-worker-from-north-korea\/\">KnowBe4 announced in July<\/a> it had found and removed a remote IT worker from its systems after realizing the contractor was North Korean. In October, identity security firm HYPR said <a href=\"https:\/\/cyberscoop.com\/hypr-hired-fraudulent-tech-worker-overseas\/\">it uncovered an employee<\/a> thought to be from Eastern Europe was actually North Korean. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>As is the case with most sanctions, all U.S.-based assets of the involved parties are frozen, and Americans are barred from conducting business with the entities or individuals named. <\/p>\n<p>You can read the full list of sanctioned entities on the <a href=\"https:\/\/ofac.treasury.gov\/recent-actions\/20250116\">Treasury Department\u2019s website<\/a>. <\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"4.0113835376532\">\n<div class=\"author-card\" readability=\"14\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/01\/treasury-sanctions-north-korea-over-remote-it-worker-schemes-1.jpg?w=640&ssl=1\" alt=\"Greg Otto\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Greg Otto<\/h4>\n<p> Greg Otto is Editor-in-Chief of CyberScoop, overseeing all editorial content for the website. Greg has led cybersecurity coverage that has won various awards, including accolades from the Society of Professional Journalists and the American Society of Business Publication Editors. Prior to joining Scoop News Group, Greg worked for the Washington Business Journal, U.S. News & World Report and WTOP Radio. He has a degree in broadcast journalism from Temple University. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Geopolitics<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/treasury-sanctions-north-korea-over-remote-it-worker-schemes\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Treasury sanctions North Korea over remote IT worker schemes |<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[302,117,647,2911,1271,509],"tags":[306,119,240,2913,1274,511],"class_list":["post-6960","post","type-post","status-publish","format-standard","hentry","category-geopolitics","category-government","category-north-korea","category-north-korean-it-workers","category-sanctions","category-treasury-department","tag-geopolitics","tag-government","tag-north-korea","tag-north-korean-it-workers","tag-sanctions","tag-treasury-department"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/geopolitics\/\" rel=\"category tag\">Geopolitics<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/government\/\" rel=\"category tag\">Government<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/north-korea\/\" rel=\"category tag\">North Korea<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/north-korean-it-workers\/\" rel=\"category tag\">North Korean IT workers<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/sanctions\/\" rel=\"category tag\">sanctions<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/treasury-department\/\" rel=\"category tag\">Treasury Department<\/a>","tag_info":"Treasury Department","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/6960","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=6960"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/6960\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=6960"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=6960"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=6960"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":6960,"date":"2025-01-16T16:22:17","date_gmt":"2025-01-16T22:22:17","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=83178"},"modified":"2025-01-16T16:22:17","modified_gmt":"2025-01-16T22:22:17","slug":"treasury-sanctions-north-korea-over-remote-it-worker-schemes","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2025\/01\/16\/treasury-sanctions-north-korea-over-remote-it-worker-schemes\/","title":{"rendered":"Treasury sanctions North Korea over remote IT worker schemes"},"content":{"rendered":"