The Department of the Treasury has announced new sanctions against the extended network of fraudsters from North Korea, Russia and China, who for years robbed American companies from cryptocurrencies, impersonating IT employees.
Sophisticated global operation
The latest sanctions shed light on one of the most sophisticated cybercrime projects of recent years. The operation has brought hundreds of millions of USD for the North Korean regime over the past few years, using a fraudulent network of false IT employees operating around the world.
The method of action was simple but extremely effective. North Korean spies impersonating remote IT employees, infiltrated foreign companies, and then robbed them from cryptocurrencies from the inside. Some operations also consisted in cheating real employees through false job offers and extortion of access data, e.g. to platforms.
Main players in the international fraud network
Wednesday sanctions covered key characters in this criminal network:
Vitaliy Andreyeva Russian citizen who, according to the allegations, helped the North Koreans from converting stolen cryptocurrencies to American dollars. This is a key element of the entire operation – without a smooth exchange mechanism, it would be difficult to use stolen digital assets.
Kim Ung Suna North Korean official acting from Russia, responsible for coordinating activities. His role shows how systematic and organized these operations were.
In addition to natural persons, the Sanctions were also covered by a North Korean company consisting of an IT employees and a Chinese Romantrka company that facilitated the operation of the entire network.
Check also: Solana in crisis! The number of traders on DEX has dropped by over 80%.
Financing of arms programs
Particularly disturbing is the goal for which the stolen measures were allocated. The Treasury Department stated that funds from these operations were used to support North Korean nuclear weapons and ballistic missiles.
John K. Hurley, Treasury Undersecretary for Terrorism and Financial Intelligence, stated:
North Korea regime is still attacking American companies through fraud with the participation of foreign IT employees who steal data and demand ransom
The latest sanctions also show the evolution of the American approach to the fight against cryptocurrency crime. The Trump administration clearly cuts off from the strategy of its predecessors, focusing on punishing specific criminals, not entire services mixing coins (see Tornadocash).
While Biden administration actively imposed sanctions on decentralized platforms used for washing dirty cryptocurrencies, the new team declares the desire to prosecute only the criminals themselves. This is a significant change in philosophy that can affect future regulatory activities.
The long -term consequences of these activities
The case reveals the growing threat from state hacker groups using cryptocurrencies. North Korean IT operations are becoming more and more sophisticated, using the globalization of remote work and the growing popularity of digital assets.
For the cryptocurrency industry, this means the need for even greater vigilance when verifying the identity of employees and business partners. Companies must strengthen safety procedures, especially when employing remote IT specialists.
Sanctions are also a warning to other countries and organizations that the American authorities treat cryptocurrency thefts as a serious threat to national security, especially when they serve to finance arms programs.
The latest US sanctions show how complex and international contemporary cryptocurrency crimes have become. Fighting them requires coordination at global level and constant adaptation to new methods of cybercriminals.
