US Sanctions Target DPRK IT Worker Schemes Defrauding Businesses

State Dept EB Bureau

Filed March 12th, 2026

Detected March 12th, 2026

Summary

The U.S. Department of State and Treasury have sanctioned two entities and six individuals for their involvement in schemes using North Korean IT workers to generate revenue for the DPRK's weapons programs. These operations systematically defraud U.S. businesses and fund illicit WMD and ballistic missile development.

View original document View source feed page

What changed

The U.S. government, through the Department of State and Treasury, has imposed sanctions on two entities and six individuals involved in Information Technology (IT) worker schemes orchestrated by the Democratic People’s Republic of Korea (DPRK). These schemes allegedly defraud U.S. businesses by using fraudulent documentation and stolen identities to gain employment, with the illicit proceeds directed towards funding the DPRK’s weapons of mass destruction and ballistic missile programs, in violation of UN and U.S. sanctions.

This action, taken pursuant to Executive Orders 13810 and 13382, highlights the ongoing threat posed by DPRK-facilitated cyber activities and illicit revenue generation. Companies engaging with IT workers, particularly those from regions with sanctions, should enhance due diligence to prevent inadvertently facilitating such schemes. While no specific compliance deadline is mentioned, entities should review their vendor vetting processes and be aware of potential penalties associated with supporting sanctioned entities or programs.

What to do next

Review vendor vetting processes for IT contractors and workers, especially those from or operating in regions with sanctions.
Enhance due diligence to identify and prevent the use of fraudulent documentation or identities in IT worker engagements.
Consult Treasury Department press releases for specific details on sanctioned entities and individuals.

Penalties

Sanctions imposed on entities and individuals.

Source document (simplified)

Home Office of the Spokesperson Press Releases … Sanctions to Disrupt DPRK IT Worker Schemes Defrauding U.S. Businesses hide

Sanctions to Disrupt DPRK IT Worker Schemes Defrauding U.S. Businesses

Media Note

Office of the Spokesperson

March 12, 2026

Today, the United States sanctioned two entities and six individuals involved in operations using Information Technology (IT) workers in foreign countries to generate revenue for the Democratic People’s Republic of Korea’s (DPRK) government. These government-orchestrated schemes systematically defraud U.S. businesses and direct the illicit proceeds toward the DPRK’s weapons of mass destruction (WMD) and ballistic missile programs. DPRK-facilitated IT teams commonly use fraudulent documentation, stolen identities, and fabricated personas to conceal their true identities and gain employment with legitimate companies worldwide.

As described in the October 22, 2025, report of the Multilateral Sanctions Monitoring Team, “The DPRK’s Violation and Evasion of UN Sanctions Through Cyber and Information Technology Worker Activities,” revenue derived from the DPRK’s cryptocurrency heists and overseas IT worker operations funds its unlawful WMD and ballistic missile programs. This illicit revenue generation threatens American citizens, international security, and the global digital economy.

The United States strongly condemns all activities of DPRK-associated entities that support the DPRK’s weapons programs in violation of UN and U.S. sanctions. Today’s action holds accountable those who target U.S. persons and support the DPRK’s illegal weapons programs. We stand committed together with other MSMT members to strengthen our resilience against such threats.

The Department of the Treasury’s action was taken pursuant to Executive Orders 13810 and 13382. For more information on today’s action, please see the Department of the Treasury’s press releases. **