Treasury Sanctions Facilitators of DPRK IT Worker Fraud Targeting U.S. Businesses

WASHINGTON-Today, the U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) sanctioned six individuals and two entities for their roles in Democratic People's Republic of Korea (DPRK) government-orchestrated information technology (IT) worker schemes that systematically defraud U.S. businesses and generate revenue to fund the DPRK's weapons of mass destruction (WMD) programs, including nearly $800 million in 2024.

"The North Korean regime targets American companies through deceptive schemes carried out by its overseas IT operatives, who weaponize sensitive data and extort businesses for substantial payments," said Secretary of the Treasury Scott Bessent. "Under President Trump's leadership, Treasury will continue to follow the money in order to protect U.S. businesses from these malicious activities and ensure those responsible are held accountable."

DPRK-facilitated IT teams commonly rely on fraudulent documentation, stolen identities, and fabricated personas to conceal their true identities and gain employment with legitimate companies, including those in the United States and allied countries. The DPRK government reportedly appropriates the majority of the wages earned by these overseas IT workers, generating hundreds of millions of dollars to support the regime's WMD and ballistic missile programs, in violation of U.S. and United Nations sanctions. In certain instances, DPRK-affiliated workers have also covertly introduced malware into company networks to extract proprietary and sensitive information.

This action is part of the United States' whole-of-government effort to counter the DPRK's wide-ranging revenue generation schemes and builds on several other actions OFAC has taken in the last several months to stop the DPRK's IT worker schemes. In collaboration with our allies and partners, the United States will continue to counter DPRK's IT worker schemes. More information about the tactics utilized by DPRK IT workers and steps that can be taken to protect private networks can be found in the January 23, 2025 Federal Bureau of Investigation Public Service Announcement, North Korean IT Workers Conducting Data Extortion, as well as the May 16, 2022 IT Worker Advisory issued by the Departments of State, Treasury, and Justice.

KEY ENABLERS OF GLOBAL DPRK IT WORKER NETWORKS

OFAC's action today targets several DPRK IT worker networks by designating facilitators based in the DPRK, Vietnam, Laos, and Spain.

Amnokgang Technology Development Company (Amnokgang) is a DPRK IT company managing delegations of overseas IT workers and conducting other illicit procurement activities to obtain and sell military and commercial technology through their overseas networks. Nguyen Quang Viet (Nguyen) is the Chief Executive Officer (CEO) of Quangvietdnbg International Services Company Limited (Quangvietdnbg), a company based in Vietnam. Nguyen facilitates currency conversion services for North Koreans through his company. Between mid-2023 and mid-2025, Nguyen converted approximately $2.5 million into cryptocurrency for North Koreans, which included converting illicit earnings from IT workers associated with Amnokgang. Amnokgang is being designated pursuant to Executive Order (E.O.) 13810 for operating in the information technology industry in North Korea. OFAC is designating Nguyen for having materially assisted, sponsored, or provided financial, material, or technological support for, goods or services to or in support of Amnokgang. Quangvietdnbg is being designated pursuant to E.O. 13810 for being owned or controlled by, or having acted or purported to act for or on behalf of, directly or indirectly, Nguyen.

Do Phi Khanh (Do) is an associate of U.S.-sanctioned DPRK nuclear procurement facilitator Kim Se Un (Kim), who acts as Kim's proxy and likely allows Kim to use his identity to open bank accounts and launder proceeds from DPRK IT workers. Hoang Van Nguyen (Hoang) also assists Kim in opening bank accounts, as well as enabling cryptocurrency transactions for Kim. Hoang has worked with Kim to procure foreign currency for the DPRK regime; in 2022, Hoang facilitated a counterfeit goods cigarette deal exceeding $200,000 on Kim's behalf. OFAC is designating Do and Hoang pursuant to E.O. 13382 for having provided, or attempted to provide, financial, material, technological or other support for, or goods or services in support of Kim.

Since at least 2023, DPRK national Yun Song Guk (Yun) led a group of North Korean IT workers that conduct freelance IT work operating out of Boten, Laos. Yun coordinated several dozen financial transactions totaling more than $70,000 with Hoang Minh Quang (Minh) relating to IT services performed by Yun. Since at least 2024, Yun also worked with York Louis Celestino Herrera (Celestino) to develop freelance IT service contracts for Yun. Yun is being designated pursuant to E.O. 13810 for being a North Korean person, including a North Korean person that has engaged in commercial activity that generates revenue for the Government of North Korea or the Workers' Party of Korea. OFAC is designating Minh and Celestino pursuant to E.O. 13810 for having materially assisted, sponsored, or provided financial, material, or technological support for, goods or services to or in support of Yun.

SANCTIONS IMPLICATIONS

As a result of today's action, all property and interests in property of the designated or blocked persons described above that are in the United States or in the possession or control of U.S. persons are blocked and must be reported to OFAC. In addition, any entities that are owned, directly or indirectly, individually or in the aggregate, 50 percent or more by one or more blocked persons are also blocked. Unless authorized by a general or specific license issued by OFAC, or exempt, OFAC's regulations generally prohibit all transactions by U.S. persons or within (or transiting) the United States that involve any property or interests in property of blocked persons.

Violations of U.S. sanctions may result in the imposition of civil or criminal penalties on U.S. and foreign persons. OFAC may impose civil penalties for sanctions violations on a strict liability basis. OFAC's Economic Sanctions Enforcement Guidelines provide more information regarding OFAC's enforcement of U.S. economic sanctions. In addition, financial institutions and other persons may risk exposure to sanctions for engaging in certain transactions or activities involving designated or otherwise blocked persons. The prohibitions include the making of any contribution or provision of funds, goods, or services by, to, or for the benefit of any designated or blocked person, or the receipt of any contribution or provision of funds, goods, or services from any such person. Non-U.S. persons are also prohibited from causing or conspiring to cause U.S. persons to wittingly or unwittingly violate U.S. sanctions, as well as engaging in conduct that evades U.S. sanctions. Individuals located in the U.S. or abroad who provide information about sanctions violations to Treasury's Financial Crimes Enforcement Network's (FinCEN) whistleblower incentive program may be eligible for awards if the information they provide leads to a successful enforcement action that results in monetary penalties exceeding $1,000,000.

Furthermore, engaging in certain transactions involving the persons designated today may risk the imposition of secondary sanctions on participating foreign financial institutions. OFAC can prohibit or impose strict conditions on opening or maintaining, in the United States, a correspondent account or a payable-through account of a foreign financial institution that knowingly conducts or facilitates any significant transaction on behalf of a person who is designated pursuant to the relevant authority.

The power and integrity of OFAC sanctions derive not only from OFAC's ability to designate and add persons to the Specially Designated Nationals and Blocked Persons List (SDN List), but also from its willingness to remove persons from the SDN List consistent with the law. The ultimate goal of sanctions is not to punish, but to bring about a positive change in behavior. For information concerning the process for seeking removal from an OFAC list, including the SDN List, or to submit a request, please refer to OFAC's guidance on Filing a Petition for Removal from an OFAC List.

Click here for more information on the persons designated today.