Key Highlights
- The U.S. Treasury’s Office of Foreign Assets Control sanctioned six individuals and two entities, freezing their U.S. assets and prohibiting American dealings as part of efforts to disrupt Pyongyang’s overseas money-laundering networks spanning Vietnam, Laos, and Spain.
- A Vietnamese facilitator allegedly converted approximately $2.5 million in earnings from North Korea’s fraudulent remote IT worker scheme into cryptocurrency between mid-2023 and mid-2025.
- The Democratic People’s Republic of Korea generated nearly $800 million in illicit revenue in 2024 alone through deceptive IT worker schemes that placed operatives in high-paying remote tech jobs at U.S. and allied companies.
The U.S. Treasury Department has imposed fresh sanctions on six individuals and two entities tied to North Korea’s elaborate scheme using fake remote IT workers to siphon money from American companies and fuel the regime’s weapons programs.
Issued March 12, 2026, the action by the Office of Foreign Assets Control (OFAC) targets facilitators operating in North Korea, Vietnam, Laos, and Spain. Officials say the Democratic People’s Republic of Korea (DPRK) dispatches skilled operatives who use stolen identities, forged documents, and phony online profiles to land high-paying remote tech jobs at U.S. firms and allies. Pyongyang skims most of the salaries, channeling the cash toward its nuclear and ballistic missile efforts.
Treasury estimates the IT worker fraud generated nearly $800 million in illicit revenue in 2024 alone. In some cases, the infiltrators plant malware to steal proprietary data or extort victims for large payoffs.
“The North Korean regime targets American companies through deceptive schemes carried out by its overseas IT operatives, who weaponize sensitive data and extort businesses for substantial payments,” Treasury Secretary Scott Bessent said in a statement. “Under President Trump’s leadership, Treasury will continue to follow the money in order to protect U.S. businesses from these malicious activities and ensure those responsible are held accountable.”
Among those sanctioned is Amnokgang Technology Development Company, a DPRK-based firm that manages overseas IT delegations and handles illicit tech procurement. Its Vietnamese partner, Quangvietdnbg International Services Company Limited, and CEO Nguyen Quang Viet allegedly laundered about $2.5 million in earnings into cryptocurrency between mid-2023 and mid-2025.
Other designees include Vietnamese nationals Do Phi Khanh and Hoang Van Nguyen, who assisted a sanctioned DPRK nuclear procurer in banking and crypto dealings; DPRK national Yun Song Guk, who ran an IT crew in Boten, Laos, coordinating over $70,000 in transactions; Hoang Minh Quang, who helped Yun; and Spain-based York Louis Celestino Herrera, who aided contract development.
The designations block U.S. assets and bar dealings with the targets. Foreign banks risk secondary sanctions for related transactions.
The move builds on prior U.S. warnings, including a January 2025 FBI alert on data extortion risks. Authorities urge companies to tighten remote-hiring vetting and monitor for suspicious activity to avoid becoming unwitting funders of Pyongyang’s arsenal.
Also read: IT Department Targets Moonlighters Paid in Crypto by Overseas Firms
