The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned a North Korean front company and three associated individuals for their involvement in the fraudulent remote information technology (IT) worker scheme designed to generate illicit revenues for Pyongyang.
The sanctions target Korea Sobaeksu Trading Company (aka Sobaeksu United Corporation), and Kim Se Un, Jo Kyong Hun, and Myong Chol Min for evading sanctions imposed by the U.S. and the United Nations against the Democratic People’s Republic of Korea (DPRK) government.
“Our commitment is clear: Treasury, as part of a whole-of-government effort, will continue to hold accountable those who seek to infiltrate global supply chains and enable the sanctions evasion activities that further the Kim regime’s destabilizing agenda,” said Director of OFAC Bradley T. Smith.
The latest action marks the U.S. government’s continued efforts to dismantle North Korea’s wide-ranging revenue generation schemes and fund its illegal nuclear and ballistic missile programs.
The IT worker scheme, which has mutated into a global threat, entails the DPRK regime dispatching highly skilled IT workers to various locations, including China, Russia, and Vietnam, to obtain remote jobs and infiltrate U.S. companies and elsewhere using a combination of fraudulent documents, stolen identities, and false personas, often with help from facilitators who run laptop farms.
In what has been described as a recurring, if “baffling,” theme, many of these fake workers have been found to use Minions and other Despicable Me characters in social-media profiles and email addresses.
“The DPRK government withholds most of the wages earned by IT workers, generating hundreds of millions of dollars in revenue to support the North Korean regime’s unlawful weapons of mass destruction and ballistic missile programs,” the Treasury said. “In some cases, these DPRK IT workers have introduced malware into company networks to exfiltrate proprietary and sensitive data.”
The development comes merely weeks after OFAC sanctioned Song Kum Hyok, a 38-year-old member of a North Korean hacking group called Andariel, for their role in the IT worker scheme.
In related news, Christina Marie Chapman, 50, of Arizona, was sentenced to 8.5 years in prison for running a laptop farm for IT workers to give the impression that they were working remotely within the U.S. when, in reality, they were logging into those machines remotely. Chapman pleaded guilty earlier this February.
The impacted companies included a top-five major television network, a Silicon Valley technology company, an aerospace manufacturer, an American car maker, a luxury retail store, and a U.S. media and entertainment company. The IT workers also unsuccessfully attempted to land jobs at two different U.S. government agencies.
The U.S. Federal Bureau of Investigation (FBI) seized more than 90 laptops from Chapman’s home during an October 2023 raid. Chapman is also said to have 49 laptops at locations overseas, including multiple shipments to a Chinese city on the North Korean border.
In all, the elaborate counterfeit operation netted more than $17 million in illicit revenue for Chapman and North Korea from October 2020 to October 2023. Chapman has also been ordered to serve three years of supervised release, to forfeit $284,556 that was to be paid to the North Koreans, and to pay a judgment of $176,850.
“Christina Chapman perpetrated a years’ long scheme that resulted in millions of dollars raised for the DPRK regime, exploited more than 300 American companies and government agencies, and stole dozens of identities of American citizens,” said Acting Assistant Attorney General Matthew R. Galeotti of the Justice Department’s Criminal Division.
