US Sanctions North Korea-Linked Firms and Officials in Crypto Laundering Case

Highlights:

• US sanctions hit North Korean IT networks accused of laundering millions through stolen cryptocurrency for weapons funding.
• The Treasury named Russian and North Korean officials who moved stolen crypto into dollars to support Pyongyang programs.
• A Chinese front firm and DPRK trading company helped operatives infiltrate global businesses with fake identities and malware.

The United States Treasury Department announced new measures on August 27 against a network accused of stealing cryptocurrency to finance North Korea’s weapons program. Specifically, officials named Russian national Vitaliy Sergeyevich Andreyev and North Korean official Kim Ung Sun as central figures in the scheme.

$crypto

US Treasury sanctions North Korea, Russia, China entities for crypto theft fueling weapons programs

— Byul (@byul_finance) August 27, 2025

In particular, the authorities indicated that Andreyev had laundered around $600,000 of stolen cryptocurrency into U.S. dollars. The money was redirected to Chinyong Information Technology Cooperation Company, which was already sanctioned due to its affiliations with the Ministry of Defense of North Korea.

Officials described Andreyev as a key money handler who worked directly with Sun. While Andreyev moved the stolen funds, Sun facilitated their flow through his diplomatic position in Russia. Their combined activities strengthened the Chinyong company’s role as a shadow employer of North Korean IT workers.

Investigators said Chinyong placed operatives inside foreign companies using fake identities and documents. Those workers funneled earnings to Pyongyang and supported the development of weapons programs. Authorities emphasized that Chinyong continues to function as a core financial channel for the regime.

US Sanctions Target Firms Backing DPRK IT Workers

Alongside the two individuals, the Treasury targeted two companies accused of fronting for North Korean IT operations. Shenyang Geumpungri Network Technology Co., Ltd., based in China, provided cover for Chinyong’s IT teams. Moreover, according to investigators, the firm generated more than $1 million in profits since 2021 that were funneled to North Korea. Meanwhile, the DOJ is set to seize $7.7M in crypto earned by North Korean IT workers using fake identities.

The DOJ is cracking down, set to seize $7.7M in crypto linked to North Korean operatives masquerading as US workers. These funds were funneled through NFTs and complex chain-hopping to fuel Pyongyang's agenda.

— CryptoCuddles (@0xcuddles) June 8, 2025

Officials said the company enabled operatives to gain access to technology and cryptocurrency firms worldwide. Workers infiltrated companies by using forged documents and stolen identities. In some cases, they planted malware that threatened sensitive data and created risks for American businesses.

The second entity, Korea Sinjin Trading Corporation, maintained direct links to the Ministry of People’s Armed Forces General Political Bureau. Treasury officials explained that Sinjin acted as an intermediary between IT operatives and military authorities in Pyongyang. Through this role, Sinjin ensured that the profits from fraud reached the regime’s defense programs.

Secretary for Terrorism and Financial Intelligence John K. Hurley stated, “North Korea continues to exploit overseas IT workers to fund its dangerous weapons program, and we will take every step to disrupt these schemes.” His statement reinforced the department’s intent to continue expanding restrictions on networks connected to Pyongyang.

Crackdown on DPRK Cyber and Crypto Networks Widens

The August 27 action built on previous measures taken against North Korean entities, including Chinyong. Treasury officials blocked all assets linked to the sanctioned individuals and companies within U.S. jurisdiction.

The extent of North Korean actions has been reported by international investigations. For example, the United Nations estimated in a report that DPRK-linked groups had stolen more than 3.6 billion in cryptocurrency between 2017 and 2024. Analysts believe that this number has been rising since infiltration methods are still in existence.

Meanwhile, the Treasury collaborated with Japan and South Korea to create awareness and had planned to discuss the activities of North Korea at the G7 summit. In July, the same sanctions were levied against individuals associated with the Reconnaissance General Bureau. The authorities verified that these ongoing measures are to ensure that digital funds do not reach North Korea’s weapons program.