The US Department of the Treasury’s Office of Foreign Assets Control (OFAC) on Thursday announced sanctions against two individuals and four entities involved in generating illicit funds for North Korea as part of the fake IT worker scheme.

As part of the elaborate operation, North Korean operatives relied on stolen identities and AI to pose as IT workers and land jobs at companies in Western countries and elsewhere, to circumvent sanctions and generate revenue for the Pyongyang regime.

The scheme resulted in hundreds of companies in the US, UK, and Australia hiring fake IT workers, and the Democratic People’s Republic of Korea (DPRK) is believed to have dispatched such workers in Russia, China, and other countries as well.

In December, the US announced charges against 14 North Korean nationals involved in the scheme, estimating they funneled over $88 million to the North Korean government.

“These IT workers obfuscate their identities and locations to fraudulently obtain freelance employment contracts from clients around the world for IT projects, such as software and mobile application development,” the US Treasury says.

“The DPRK government withholds up to 90 percent of the wages earned by these overseas workers, thereby generating annual revenues of hundreds of millions of dollars for the Kim regime’s weapons programs to include weapons of mass destruction (WMD) and ballistic missile programs,” it continues.

On Thursday, OFAC announced sanctions against a North Korean government weapons-trading department, two of the department’s front companies and their leaders, and a Chinese company providing electronics equipment to North Korea.

Department 53 of The Ministry of The People’s Armed Forces, the Treasury says, sells advanced conventional weapons and military grade communications equipment, while netting illicit revenue for the North Korean regime through front companies in several sectors, including IT.

Korea Osong Shipping Co and Chonsurim Trading Corporation are two such front companies, maintaining delegations of North Korean IT workers in Laos.

Osong directed workers on projects such as cryptocurrency exchanges, website and mobile applications, while Chonsurim directed individuals to undertake IT work such as software development.

The Treasury Department has designated Son Kyong Sik, the China-based chief representative of Osong, and Jong In Chol, the president of Chonsurim’s North Korean IT worker delegation in Laos.

Additionally, the Treasury announced sanctions against Liaoning China Trade Industry Co, a Chinese company that shipped the electronics equipment that Department 53 needed to conduct the IT worker activities.

“These shipments include notebook and desktop computers, graphics cards, HDMI cables, and network equipment. OFAC is designating Liaoning China Trade for having materially assisted, sponsored, or provided financial, material, or technological support for, or goods or services to or in support of, Department 53,” the department says.

Related: North Korean Hackers Targeting Freelance Software Developers

Related: US, Japan, South Korea Blame North Korean Hackers for $660M Crypto Heists

Related: US Warns of Sophisticated Cyberattacks From Russia, China

Related: Cyber Insights 2025: Identities