Home / Business and Economy / Treasury Sanctions North Korean Hackers Posing as Job Seekers
Treasury Sanctions North Korean Hackers Posing as Job Seekers
27 Aug
Summary
- North Korean hackers infiltrate U.S. companies using fake identities
- Fraud network generated $1 million in profits for North Korean regime
- U.S. sanctions Russian national and Chinese company aiding the scheme
On August 27, 2025, the U.S. Treasury announced sanctions against an international fraud network used by North Korea to infiltrate American companies. According to the Treasury, North Korean hackers have been posing as legitimate job seekers, using fake identities and documents to gain employment at U.S. firms. Once hired, these hackers earn a wage from the company while also stealing sensitive data and extorting their employers by demanding ransoms.
The Treasury stated that this fraud network has generated at least $1 million in profits for the North Korean regime, which is one of many such schemes that have helped the country raise billions of dollars in stolen funds, including cryptocurrency, to fund its internationally sanctioned nuclear weapons program. As part of the latest round of enforcement, the Treasury sanctioned a Russian national, Vitaliy Sergeyevich Andreyev, who was accused of working with North Koreans to facilitate payments to a company called Chinyong, which employs delegations of fraudulent IT workers based in Russia and Laos.
The U.S. also sanctioned Shenyang Geumpungri, a Chinese company that the Treasury says also employs fraudulent IT workers on behalf of the North Korean government, as well as Sinjin, another North Korean front company for the IT workers' scheme. These sanctions aim to disrupt the North Korean regime's ability to continue these money-stealing schemes, which have become increasingly effective at infiltrating U.S. and other Western companies.
