OFAC Targets North Korean IT Scheme Defrauding U.S. Firms

Tech

OFAC Targets North Korean IT Scheme Defrauding U.S. Firms

• OFAC sanctioned six individuals and two firms tied to North Korean IT fraud schemes.
• North Koreas IT schemes stole $800M in 2024, funding nuclear and missile programs.
• DPRK hackers stole $2.02B in crypto in 2025, nearly 60% of global crypto thefts.

The U.S. Department of the Treasurys Office of Foreign Assets Control (OFAC) on March 12 sanctioned six individuals and two companies for running North Korean IT schemes that defrauded American businesses. These operations brought in nearly $800 million in 2024, money the DPRK used to fund its weapons of mass destruction programs.

Secretary of the Treasury Scott Bessent said, “The North Korean regime targets American companies through deceptive schemes carried out by its overseas IT operatives, who weaponize sensitive data and extort businesses for substantial payments.” The designations span North Korea, Vietnam, Laos, and Spain, exposing a global network of IT workers and enablers.

According to the press release, North Koreas IT teams often use fake identities and forged documents to get real jobs at companies abroad. Most of the money these workers earn is taken by the regime and funneled into its nuclear and missile programs.

In some cases, these workers also sneak malware into company systems to steal sensitive information. OFACs sanctions aim to stop this flow of money and protect U.S. businesses, while helping allies defend against these hidden North Korean operations

Key Enablers Across Borders

Amnokgang Technology Development Company, a North Korean IT firm, manages groups of overseas IT workers and buys and sells military and commercial technology. In Vietnam, Nguyen Quang Viet helped convert around $2.5 million into cryptocurrency for North Koreans connected to Amnokgang.

Do Phi Khanh and Hoang Van Nguyen helped a sanctioned North Korean nuclear figure, Kim Se Un, by moving money and setting up bank accounts. In Laos, North Korean national Yun Song Guk manages freelance IT teams and oversees transactions above $70,000. Together, these individuals and companies keep North Koreas illegal IT operations alive, openly violating U.S. and U.N. sanctions.

Sanctions and Crypto Risks

All property and money of the sanctioned individuals and companies in the U.S. have been frozen. Anyone who breaks these rules could face heavy fines or even criminal charges.

Additionally, according to Chainalysis, North Korean hackers stole $2.02 billion in cryptocurrency in 2025 alone, accounting for almost 60% of all crypto thefts worldwide.

Chainalysis warns that North Korea is now going for fewer attacks but much bigger targets. As a result, U.S. companies and international partners need to stay alert and improve their methods for detecting North Koreas money-laundering and cyber schemes.