U.S. Sanctions North Korean IT Worker Network Supporting Weapons of Mass Destruction Programs

The U.S. Treasury Department has taken decisive action against a shadowy network of North Korean IT workers accused of funneling illicit revenue to fund the country’s weapons of mass destruction (WMD) and ballistic missile programs. The Office of Foreign Assets Control (OFAC) recently sanctioned two individuals and four entities allegedly tied to schemes that exploit freelance IT work worldwide to generate income for the regime in violation of international sanctions.

North Korea’s Hidden IT Workforce

These North Korean IT workers, operating covertly under false identities, have been securing freelance contracts for tasks like software and mobile app development. While these workers earn wages from unsuspecting clients, the DPRK government reportedly withholds up to 90% of their income, channeling it into state coffers. This system is believed to generate hundreds of millions of dollars annually, directly supporting Pyongyang’s WMD ambitions.

OFAC’s sanctions target:

  • Department 53 of The Ministry of the People’s Armed Forces, which oversees front companies generating IT-related revenue.
  • Korea Osong Shipping Co. and Chonsurim Trading Corporation, both accused of maintaining DPRK IT workers in Laos since at least 2022.
  • Liaoning China Trade Industry Co., Ltd, a Chinese company facilitating IT worker activities by providing essential equipment like computers and network tools.
  • Jong In Chol and Son Kyong Sik, high-ranking individuals managing these illicit operations in Laos and China, respectively.

A Longstanding Illicit Scheme

The exploitation of overseas IT workers is not new. Similar activities were flagged as early as 2018 when OFAC sanctioned companies involved in exporting North Korean labor. These operations, now tracked under names like Famous Chollima, Nickel Tapestry, UNC5267, and Wagemole, gained broader attention in 2023 for their increasing focus on cryptocurrency and Web3 companies.

A Broader Cybersecurity Threat

North Korea’s IT workers not only generate revenue but also pose a serious security risk. Recent investigations revealed:

  • Infiltration of Cryptocurrency Firms: Workers compromised networks, stole intellectual property, and demanded cryptocurrency in exchange for not leaking sensitive data.
  • Insider Threats: Collaborators in countries like the U.S. have reportedly aided these schemes, including running “laptop farms” in exchange for monthly payments.
  • Cyber Espionage: DPRK-linked hacking groups have historically targeted developers with malware-laden job offers to facilitate cryptocurrency theft and espionage.

A Global Push to Disrupt DPRK’s Revenue Streams

The U.S. government remains committed to dismantling these networks. Acting Under Secretary for Terrorism and Financial Intelligence, Bradley T. Smith, emphasized the importance of countering North Korea’s reliance on IT workers to fund its destabilizing activities, including its support for Russia’s war in Ukraine.

This crackdown is just one part of a broader effort to counter North Korea’s illicit financial operations, which include cryptocurrency theft and cyberattacks. Heightened awareness and sanctions are steps toward curtailing Pyongyang’s use of global IT markets to undermine international security.

As North Korea continues to exploit digital platforms and human labor for its WMD programs, businesses worldwide must remain vigilant. By enhancing due diligence and cybersecurity practices, organizations can help curb these covert operations, denying the regime access to critical funding streams.

By Zane
January 17, 2025
Computer Security
English
January 17, 2025
Computer Security

Popular Posts

As Fears of the Coronavirus Pandemic Spread, So Does...

5 years ago

What is the OperaGXSetup.exe File and is it Malicious?

11 months ago

Eporner.com And Why Its Excessive Pop-Ups Are Risky

11 days ago

HackTool:Win32/Crack: a Malicious Threat That Can Seriously...

7 months ago

Take Note: Someone Added You As Their Recovery Email Scam

10 months ago

A Potentially Serious Threat: Trojan:Win32/Suschil!rfn

18 days ago

Related Posts

Computer Security

North Korean Threat Actor Deploys EarlyRat

Researchers have discovered that the threat actor known as Andariel, aligned with North Korea, utilized a previously unknown malware named EarlyRat in attacks exploiting the Log4j Log4Shell vulnerability last year. In... Read more

June 29, 2023
Malware

North Korean Hackers Reveal the Goldbackdoor Malware

North Korea's hacking groups are among the most notorious cybercrime organizations in the world. The majority of their attacks are either financially or politically motivated. One of the latest payloads they use is... Read more

April 27, 2022
Malware

Chinotto Spyware Targets North Korean Defectors

The Chinotto Spyware is a malicious implant that is being used by the North Korean Advanced Persistent Threat (APT) group known as ScarCruft. This state-sponsored group works in the interest of the North Korean... Read more

November 30, 2021
English
Loading...

Cyclonis Password Manager Details & Terms

FREE Trial: 30-Day One-Time Offer! No credit card required for Free Trial. Full functionality for the length of the Free Trial. (Full functionality after Free Trial requires subscription purchase.) To learn more about our policies and pricing, see EULA, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Home

Products

Cyclonis Password Manager Cyclonis World Time

Support

Help Files FAQs Downloads Inquiries & Support

Company

About Us Contact Us Report Abuse

Legal (Post Merger)

EnigmaSoft Limited (fka Cyclonis Limited)

Cyclonis Password Manager's EULA Cyclonis World Time's Terms of Service Privacy Policy Cookie Policy Special Discount Offer Terms Additional Terms & Conditions SpyHunter EULA RegHunter EULA EnigmaSoft Privacy Policy & Cookie Policy ESG Privacy Policy & Cookie Policy EnigmaSoft Discount Offer Terms ESG Discount Offer Terms

© 2017-2025 Cyclonis Ltd. CYCLONIS is a trademark of EnigmaSoft Limited (Cyclonis was merged into EnigmaSoft Limited effective November 25, 2023.) All rights reserved.

Registered Office EnigmaSoft Limited: 1 Castle Street, 3rd Floor, Dublin 2 D02 XD82, Ireland.
EnigmaSoft Limited, Private Company Limited by shares, Company Registration Number 597114.

Windows is a trademark of Microsoft, registered in the U.S. and other countries.
Mac, iPhone, iPad and App Store are trademarks of Apple Inc., registered in the U.S. and other countries.
iOS is a registered trademark of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
Android and Google Play are trademarks of Google LLC.