The U.S. Treasury Department on Thursday sanctioned six individuals and two entities linked to a North Korean government scheme, which it alleged used fraudulent IT workers to infiltrate American companies and funnel hundreds of millions of dollars to Pyongyang’s weapons programs.
The scheme generated nearly $800 million in 2024 alone, according to the Treasury’s Office of Foreign Assets Control (OFAC), which announced the action as part of a broader crackdown on North Korea’s overseas revenue networks.
“The North Korean regime targets American companies through deceptive schemes carried out by its overseas IT operatives, who weaponize sensitive data and extort businesses for substantial payments,” said Treasury Secretary Scott Bessent, in a statement. “Under President Trump’s leadership, Treasury will continue to follow the money in order to protect U.S. businesses from these malicious activities and ensure those responsible are held accountable.”
North Korean IT workers typically use stolen identities, fake personas, and forged documents to secure remote employment with U.S. and allied companies, the Treasury said. The regime then siphons the majority of their wages to fund its nuclear and ballistic missile programs, in violation of American and United Nations sanctions. In some cases, workers have also planted malware inside company networks to steal proprietary data.
The individuals sanctioned Thursday operated across multiple countries, including Vietnam, Laos, and Spain. Among those designated was a Vietnamese businessman who allegedly converted approximately $2.5 million into cryptocurrency for North Korean operatives between 2023 and 2025.
Two others were sanctioned for helping a previously designated North Korean nuclear procurement facilitator launder money and open bank accounts. A North Korean national was also targeted for leading a group of IT workers operating out of Boten, Laos.
All U.S. assets of the designated individuals and entities are now frozen, and American persons are prohibited from conducting business with them. The Treasury Department noted that foreign financial institutions risk secondary sanctions for knowingly facilitating transactions on behalf of the designated parties.
North Korean state-sponsored hackers have been among the biggest antagonists in the crypto space, according to law enforcement and crypto intelligence firms. In 2025, North Korean hackers stole more than $2 billion worth of crypto in various attacks, according to Chainalysis, including a record haul of nearly $1.5 billion from crypto exchange Bybit.
Daily Debrief Newsletter
Start every day with the top news stories right now, plus original features, a podcast, videos and more.
