Illustration depicting cybersecurity threats related to North Korean illicit IT operations.
The U.S. Department of the Treasury has imposed sanctions on Korea Sobaeksu Trading Company and three individuals tied to a fraudulent IT worker scheme supporting North Korea’s nuclear ambitions. The scheme involves sending skilled IT workers abroad who use fake identities to secure remote jobs, generating millions for the regime. This action aligns with efforts to curb North Korea’s financing of its weapons programs and highlights ongoing international challenges in tackling cyber threats from the country.
Washington, D.C. – The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has initiated sanctions against Korea Sobaeksu Trading Company and three individuals linked to a fraudulent remote information technology (IT) worker scheme that generates illicit revenues for the North Korean regime. The individuals sanctioned are Kim Se Un, Jo Kyong Hun, and Myong Chol Min. This action is part of a broader effort to undermine North Korea’s nuclear and ballistic missile financing.
The U.S. and the United Nations have previously imposed sanctions on the Democratic People’s Republic of Korea (DPRK) to limit its ability to finance its controversial nuclear programs. According to OFAC Director Bradley T. Smith, the Treasury is committed to holding accountable those involved in activities that evade sanctions and support the Kim regime’s operations.
The fraudulent IT worker scheme allegedly allows North Korea to send skilled IT workers to various countries, including China, Russia, and Vietnam, to secure remote jobs. Many of these workers use fraudulent documents and stolen identities to gain employment, often adopting fake personas that include references to popular media, such as characters from the film “Despicable Me.”
The Kim regime reportedly retains a large portion of the wages earned by these IT workers, which is estimated to generate hundreds of millions of dollars to bolster its weapons programs. In addition to this, some North Korean IT workers have been involved in cyber activities, including the introduction of malware into company networks, which allows them to steal sensitive and proprietary data.
The latest sanctions follow previous actions taken by OFAC against individuals involved in similar schemes. Notably, Song Kum Hyok, a member of the North Korean hacking group Andariel, was sanctioned earlier for participating in fraud intended to fund the DPRK regime.
In a related legal case, Christina Marie Chapman from Arizona was sentenced to 8.5 years in prison for her role in running a laptop farm that facilitated fraudulent IT workers. Chapman pleaded guilty to the charges against her and was ordered to forfeit $284,556, in addition to paying a judgment of $176,850. Her fraudulent IT worker operation reportedly generated over $17 million in unauthorized revenue from October 2020 to October 2023, impacting several companies, including a major television network, a Silicon Valley tech firm, an aerospace manufacturer, an automotive company, and a luxury retail outlet.
The reach of these North Korean IT worker schemes extends to attempts of securing jobs at two U.S. government agencies. Law enforcement agencies have taken significant action against Chapman, including the seizure of over 90 laptops from her home during an October 2023 raid. Reports suggest she also had an additional 49 laptops overseas, with shipments sent to a city in China near the North Korean border.
The U.S. government is intensifying its campaign against North Korean cyber espionage, with sanctions aimed at freezing assets within U.S. territories, as well as prohibiting transactions with American citizens. To aid this effort, the U.S. Department of State has announced rewards of up to $7 million for information that leads to the arrest or conviction of the sanctioned individuals.
Officials have classified the North Korean IT worker operations as employing thousands of highly skilled workers who operate primarily from Russia and China. The funding from these operations not only supports traditional labor sectors but also involves cryptocurrency projects that facilitate money laundering activities back to the North Korean government.
These developments underscore the ongoing international efforts to curb North Korea’s capabilities in generating revenue for its controversial nuclear and ballistic missile initiatives, highlighting a persistent threat posed by the regime’s illicit activities in the realm of cybersecurity and global business.
News Summary Congressman Greg Stanton is pushing for the release of Kelly Yu, a sushi…
News Summary On July 18, 2025, Arizona marked a significant milestone by approving the first…
News Summary Arizona has been ranked 16th in a recent study evaluating the state's preparedness…
News Summary SpaceX is scheduled to launch 24 Starlink internet satellites on July 26, 2025,…
News Summary Arizona has achieved a significant milestone with a record contribution of $331 million…
News Summary In a strategic move, Democrats in Arizona focus on unseating three Republican incumbents…