US Cracks Down on North Korean IT Fraud Facilitators

The US Treasury’s OFAC sanctioned six individuals and two entities for their alleged roles in North Korean government-orchestrated IT worker fraud schemes that target American businesses.

DPRK IT operatives use stolen identities and fabricated personas to secure remote jobs at legitimate Western companies, with the government collecting the majority of their wages.

Why it matters:

• DPRK IT fraud funds weapons of mass destruction programs, tying hiring gaps to national security threats.
• In some cases, DPRK-affiliated workers also planted malware and extorted businesses, compounding cybersecurity risks beyond payroll fraud.
• Foreign financial institutions now face secondary sanctions for processing transactions linked to designated persons.

The details:

• OFAC designated Amnokgang Technology Development Company, a DPRK IT firm managing overseas worker delegations.
• Quangvietdnbg International Services’ CEO reportedly converted around $2.5 million into cryptocurrency for North Koreans between mid-2023 and mid-2025.
• Moreover, DPRK national Yun Song Guk ran freelance IT operations from Boten, Laos, coordinating over $70,000 in transactions.
• Vietnamese nationals Do Phi Khanh and Hoang Van Nguyen laundered IT worker proceeds as proxies for a sanctioned DPRK procurement facilitator.
• Do Phi Khanh also facilitated a counterfeit cigarette deal exceeding $200,000.

The big picture:

• North Korean cyber operations stole over $2 billion in cryptocurrency during 2025, per BeInCrypto reporting.
• DPRK operatives increasingly deploy AI tools and fake Zoom calls to infiltrate crypto firms and steal proprietary data.
• Meanwhile, whistleblowers who report sanctions violations to FinCEN may qualify for awards on enforcement actions exceeding $1 million.