The Register

Sting nails two front firms in Nork IT worker scam

The US Treasury Department has announced sanctions against two Asian companies and two individuals for allegedly helping North Korean IT workers fake their way into US jobs.

In an announcement on Wednesday, the Treasury said that Shenyang Geumpungri Network Technology Co in China and the [South] Korea Sinjin Trading Corporation had funneled over $1 million to the North Koreans using fake IT workers’ salaries and thefts. The State Department added that the Japanese and South Korean governments cooperated with the State Department to aid the action.

“The North Korean regime continues to target American businesses through fraud schemes involving its overseas IT workers, who steal data and demand ransom,” said Under Secretary of the Treasury for Terrorism and Financial Intelligence John Hurley in a canned statement. “Under President Trump, Treasury is committed to protecting Americans from these schemes and holding the guilty accountable.”

The Register asked, but the Treasury Department had no further comment at this time.

The US will now seize any funds funneled through these companies, and authorities will hold anyone doing business with them — or a subsidiary more than 50 percent owned by them — liable for criminal and civil action.

The US has also sanctioned two individuals, Kim Ung Sun, a Russia-based economic and trade consular official for North Korea, and Vitaliy Sergeyevich Andreyev, a Russian accused of masterminding the scam.

After years of inaction, the US finally appears to be getting its act together in combating North Korea’s push to plant IT workers in US orgs. In May, the Treasury’s Office of Foreign Assets Control (OFAC) moved against Chinese businesses pushing North Korean IT staff out to Western companies and, in June, the US attempted to recover nearly $8 million in payments sent to the North Koreans from such fraud.

Then, earlier this month, the US Department of Justice tried to claw back over a million bucks stolen from a New York business after Nork admins got hired and then pillaged the company.

But stopping the problem won’t be easy. After the Covid lockdown, remote work became more popular and the Norks have leveraged their coding skills to move away from the standard criminal extortion attacks to embedding staff in key targets. Not only do they bring in tech-level salaries, but they also get free rein on their employers’ networks, enabling larger thefts.

“Almost every CISO of a Fortune 500 company that I’ve spoken to — I’ll just characterize as dozens that I’ve spoken to — have admitted that they had a North Korean IT worker problem,” Google’s security biz Mandiant told The Register last month.

Mandiant had no comment on the sanctions announced today, but hosted a roundtable with the US, Japanese, and South Korean authorities on Tuesday, talking about strategies to counter the threat.

US citizens who want quick cash enable the Nork IT workers by helping to cover up their crimes. Co-conspirators run so-called laptop farms in the US to hide the fact that the IT admin a company thought it was hiring is in fact based overseas. Farm hosts have faced lengthy prison sentences.

In the meantime, the North Koreans are upping their game, using deepfake technology to fool employers, sometimes repeatedly. And, despite claims that you can detect the fake applicants by asking about Kim Jong Un, verification of staff is something HR departments really need to work on. ®
