On August 27, 2025, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned a fraudulent IT worker network linked to the Democratic People’s Republic of Korea (DPRK). A crypto address was included for Vitaliy Sergeyevich Andreyev, a Russian national who facilitated payments to Chinyong Information Technology Cooperation Company (Chinyong), also known as Jinyong IT Cooperation Company, which was sanctioned by OFAC and South Korea’s Ministry of Foreign Affairs (MOFA) in May 2023.
Also included in the designation were Kim Ung Sun, Shenyang Geumpungri Network Technology Co., Ltd., and Korea Sinjin Trading Corporation. These actors were designated for their involvement in schemes that funnel DPRK IT worker-derived revenue to support DPRK weapons of mass destruction and ballistic missile programs.
DPRK IT Worker Scheme: A Revenue Pipeline for WMD
Today’s designation builds upon other actions OFAC has taken to disrupt the DPRK’s IT worker schemes. In May 2023 OFAC included crypto addresses in its sanctions designation of Chinyong Information Technology Cooperation Company and its employee, Sang Man Kim. In these schemes, IT workers are deployed overseas, often under fraudulent identities, to infiltrate legitimate businesses, steal proprietary data, launch ransomware schemes, and remit wages. These payments are often made via cryptocurrency, and ultimately end up back in the hands of the DPRK to facilitate their WMD programs. As shown in the Reactor graph below, Chinyong and Kim relied upon a combination of mainstream services, defi protocols, and mixers to launder funds. We can also see how funds from Chinyong and DRPK IT worker wallets were funneled directly into service deposit addresses controlled by Kim.
A bitcoin address was also included in today’s designation of Andreyev, the Russian national who was sanctioned for facilitating payments to Chinyong. Andreyev worked with Kim Ung Sun, DPRK economic and trade consular official based in Russia, who was also designated today. Together, they facilitated financial transfers totaling over $600,000 by converting cryptocurrency to cash. The Reactor graph below shows how Andreyev’s address, which is a deposit address at a mainstream exchange, has been utilized multiple times to launder DPRK IT worker proceeds, as supported by the use of exchanges, bridges, and defi protocols. As cited by OFAC, it has received over $600,000.
Strategic Implications for Combating Crypto-Enabled, State-Backed Fraud
By targeting the facilitators Andreyev, Kim Ung Sun, and related front companies, OFAC is chipping away at DPRK illicit revenue streams. This designation continues to highlight DPRK IT labor networks abroad, especially those seeking to defraud American businesses and fund DPRK weapons programs.
This designation, in conjunction with other recent actions targeting DPRK IT worker schemes, signals that infrastructure and financial facilitators leveraging cryptocurrency to support the regime will continue to be prime targets for enforcement actions.
This website contains links to third-party sites that are not under the control of Chainalysis, Inc. or its affiliates (collectively “Chainalysis”). Access to such information does not imply association with, endorsement of, approval of, or recommendation by Chainalysis of the site or its operators, and Chainalysis is not responsible for the products, services, or other content hosted therein.
This material is for informational purposes only, and is not intended to provide legal, tax, financial, or investment advice. Recipients should consult their own advisors before making these types of decisions. Chainalysis has no responsibility or liability for any decision made or any other acts or omissions in connection with Recipient’s use of this material.
Chainalysis does not guarantee or warrant the accuracy, completeness, timeliness, suitability or validity of the information in this report and will not be responsible for any claim attributable to errors, omissions, or other inaccuracies of any part of such material.
The post OFAC Sanctions Fraud Network Funding DPRK Weapons Programs appeared first on Chainalysis.
