The US Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced sanctions targeting a network of North Korean facilitators coordinating IT worker schemes that generated nearly USD 800 million in 2024, according to the agency’s designation.
The action, announced yesterday, targeted six individuals and two businesses operating across the Democratic People’s Republic of Korea (DPRK), Vietnam, Laos, and Spain. Seven cryptocurrency addresses linked to Amnokgang Technology Development Company processed over USD 12 million in transactions, according to blockchain analysis firm TRM.
OFAC designated Amnokgang Technology Development Company, a DPRK-based IT firm managing overseas worker delegations, and Quangvietdnbg, a Vietnam-based currency conversion service facilitating North Korean illicit earnings. The sanctions also targeted six individuals, including Yun Song Guk, a DPRK national who led IT workers operating from Laos and coordinated financial transactions totaling more than USD 70,000 related to IT services.
OFAC amended existing sanctions against Sim Hyon-Sop, a DPRK national previously designated in 2023 for coordinating financial transfers on behalf of Korea Kwangson Banking Corp. The newly designated cryptocurrency addresses associated with Sim remain active in laundering hack proceeds and IT worker salaries, according to TRM analysis, and have transacted with Iran’s Revolutionary Guards Corps (IRGC).
The designated network operated what OFAC describes as government-orchestrated schemes in which North Korean nationals pose as remote freelancers using stolen identities, fraudulent documents, and fabricated personas to secure positions at foreign companies, including US-based firms. The revenue generated flows directly to fund the DPRK’s weapons of mass destruction (WMD) and ballistic missile programs.
According to TRM analysis of on-chain data, the Amnokgang-designated addresses interacted with high-risk cryptocurrency exchanges, Chinese darknet markets, and previously sanctioned entities including Cheil Credit Bank. The crypto infrastructure enabled cross-border fund movement and proceeds laundering across multiple jurisdictions.
Treasury officials emphasized that DPRK IT worker activity represents a broader sanctions, financial crime, and national security risk rather than isolated employment fraud. The persistence of actors like Sim Hyon-Sop—continuing operations despite his designation—demonstrates the adaptive nature of these networks.
For the private sector, the designations signal that companies hiring remote technical talent face potential sanctions exposure if they inadvertently employ North Korean nationals. OFAC enforcement indicates that strengthened identity verification, compliance controls, and transaction monitoring are now critical compliance requirements for organizations engaging remote IT workers.
Treasury officials indicated continued pressure on actors linked to IT worker fraud and proliferation-related procurement. The amendments to Sim Hyon-Sop’s designation suggest ongoing monitoring of evolved financial networks used by sanctioned facilitators to maintain operational capacity.
Follow Hashlytics on Bluesky, LinkedIn , Telegram and X to Get Instant Updates
