The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has sanctioned a North Korean front company and three associated individuals for their involvement in a fraudulent remote information technology (IT) worker scheme aimed at generating illicit revenues for Pyongyang.
The sanctions target Korea Sobaeksu Trading Company (aka Sobaeksu United Corporation), and individuals Kim Se Un, Jo Kyong Hun, and Myong Chol Min for evading sanctions imposed by the U.S. and the United Nations against the Democratic People’s Republic of Korea (DPRK) government.
“Our commitment is clear: Treasury, as part of a whole-of-government effort, will continue to hold accountable those who seek to infiltrate global supply chains and enable the sanctions evasion activities that further the Kim regime’s destabilizing agenda,” said Director of OFAC Bradley T. Smith.
The latest action demonstrates the U.S. government’s ongoing efforts to dismantle North Korea’s revenue generation schemes and fund its illegal nuclear and ballistic missile programs.
The IT worker scheme, now recognized as a global threat, involves the DPRK regime sending highly skilled IT workers to various countries to secure remote jobs and infiltrate companies using fraudulent documents, stolen identities, and false personas, often with the assistance of facilitators operating laptop farms.
In a peculiar trend, many of these fake workers have been found to use Minions and other Despicable Me characters in their social media profiles and email addresses.
“The DPRK government withholds most of the wages earned by IT workers, generating hundreds of millions of dollars to support the North Korean regime’s unlawful weapons programs. In some instances, these workers have introduced malware into company networks to steal sensitive data,” the Treasury stated.
The recent development comes shortly after OFAC sanctioned Song Kum Hyok, a member of a North Korean hacking group, for their involvement in the IT worker scheme.
In a related incident, Christina Marie Chapman from Arizona was sentenced to 8.5 years in prison for operating a laptop farm to deceive companies into believing IT workers were working remotely in the U.S. Chapman admitted guilt earlier this year.
The affected companies included a major TV network, a technology company in Silicon Valley, an aerospace manufacturer, an American car manufacturer, a luxury retailer, and a media and entertainment company. The IT workers also attempted to secure positions at two U.S. government agencies unsuccessfully.
The FBI confiscated over 90 laptops from Chapman’s residence during a raid in October 2023. Chapman is believed to have 49 laptops in overseas locations, including multiple shipments to a city on the North Korean border.
Overall, the elaborate scheme generated more than $17 million in illicit revenue for Chapman and North Korea between October 2020 and October 2023. Chapman has been ordered to serve three years of supervised release, forfeit funds intended for North Korea, and pay a substantial fine.
“Christina Chapman orchestrated a scheme that raised millions for the DPRK regime, exploited numerous American companies and government agencies, and stole identities of U.S. citizens,” said Acting Assistant Attorney General Matthew R. Galeotti of the Justice Department’s Criminal Division.
