Treasury targets DPRK IT worker facilitators in North Korea, Vietnam, Laos and Spain

WASHINGTON, March 12, 2026 — The U.S. Treasury’s Office of Foreign Assets Control sanctioned six individuals and two entities for supporting North Korea’s government-run IT worker schemes, which U.S. officials said defrauded American businesses and raised nearly $800 million in 2024 for the country’s weapons of mass destruction and ballistic missile programs.

Treasury said North Korean IT teams used stolen identities, false documents and fabricated personas to obtain jobs with legitimate companies in the United States and allied countries. In some cases, the workers also planted malware inside company networks to steal proprietary and sensitive information.

The designations target facilitators based in North Korea, Vietnam, Laos and Spain. Among those named were Amnokgang Technology Development Company, a North Korean IT firm; Vietnam-based Quangvietdnbg International Services Company Limited and its chief executive, Nguyen Quang Viet; Do Phi Khanh and Hoang Van Nguyen, who Treasury said helped launder proceeds and facilitate cryptocurrency transactions; and DPRK national Yun Song Guk, along with Hoang Minh Quang and York Louis Celestino Herrera, for supporting freelance IT work run from Laos.

Treasury said Nguyen converted about $2.5 million into cryptocurrency for North Koreans between mid-2023 and mid-2025, including illicit earnings tied to Amnokgang. It also said Yun coordinated dozens of transactions totaling more than $70,000 linked to IT services performed from Boten, Laos.

As a result of the action, all property and interests in property of the designated persons in the United States, or under the control of U.S. persons, are blocked and must be reported to OFAC. Treasury also warned that foreign financial institutions could face secondary sanctions for knowingly facilitating significant transactions for those designated.

Treasury said the move is part of a broader U.S. government effort to disrupt North Korea’s revenue-generation networks and protect private companies from data theft, extortion and sanctions evasion.