Public watchlist entries require official sanctions, law-enforcement, court, or equivalent public-source backing.
Bureau de risque recrutement Web3
Kimchi Canary
Outil RH pratique pour repérer les signaux de fraude liés aux travailleurs IT distants DPRK.
Vérifiez les signaux issus de sources officielles avant l'envoi d'ordinateurs, l'accès aux dépôts ou les paiements crypto.
Faux CV ? Bonk.
Preuves d'abord. Intuition ensuite. Aucun laptop vers une adresse mystere.
15 groupes de sources verifiees
60 personnes/entites listees
20 photos officielles
Règles de confiance
Pas de filtrage basé seulement sur la nationalité. Pas d'accusations publiques non vérifiées. Les preuves restent privées avant examen.
Reports enter a moderation queue and are not published until approved with sufficient evidence.
No nationality-only screening, ethnicity proxies, forced slogans, or political loyalty tests.
Questionnaire
Verifiez les indicateurs de fraude observes avant d'augmenter les acces.
Sélectionnez les faits observés. Le résultat est un triage de risque, pas une accusation publique.
Traduction assistee par machine. Pour les decisions juridiques, sanctions ou emploi, confirmez avec le texte anglais et un conseil qualifie.
Questions d'entretien souples
A utiliser seulement si lie aux declarations du candidat.
Elles testent coherence, presence en direct et parcours verifiable. Ce ne sont pas des tests de nationalite.
If the person claims South Korea location, school, or work history
- Ask them to walk through their claimed current work setup in practical terms: workspace, normal work hours, network/phone carrier, payroll/KYC route, and how equipment can be delivered to the verified address.
- Ask for consent to verify the claimed Korean school or employer through independently sourced contacts, not through contacts supplied only by the candidate.
- Ask one neutral follow-up tied to their own claim, such as a nearby transit stop, office district, public service, or institution process. Treat this as a consistency check, not a nationality test.
Live-video consistency checks
- Keep the camera on with an unobscured background when policy allows, then ask the person to explain a recent work sample without screen-reading or long pauses.
- Ask the person to briefly show a live timestamp source or surroundings that match the claimed location, without collecting unnecessary private details.
- Compare the same person across official ID, interview, onboarding, and later meetings when company policy allows. Do not score fashion, grooming, attractiveness, ethnicity, or whether someone 'looks' like a nationality.
- Repeat one harmless factual question later in the process and compare the answer with the earlier record.
Psychology-aware fraud probes
- Prefer open-ended memory questions over yes/no questions: real candidates usually answer with specific, messy details; coached answers often stay generic.
- If accent, wording, or technical vocabulary seems inconsistent with claimed education or work history, ask neutral follow-ups about the claim. Do not score accent alone.
- For Korean-language concerns, ask a native South Korean reviewer to compare dialect, vocabulary, and professional terminology against the person's claimed background. Treat it as one corroborating clue only.
- Do not accuse during the interview. Ask for documentation, pause access, and compare claims across HR, device, payment, and source-control records.
- Use the same structured prompts for similarly situated candidates so the process stays fair, repeatable, and legally defensible.
Operational playbook
Useful in real hiring, vendor review, and incident response.
Before interview
Verify identity, education, employment, sanctions status, and vendor controls through independent channels.
Before equipment ships
Ship only to verified addresses, use MDM, block unauthorized remote access, and delay repository access.
Before production access
Use least privilege, watch for impossible travel, review payout mismatches, and log source-control activity.
If signals appear
Preserve evidence, pause access, involve counsel/compliance, and report through IC3 or the right authority.
Signalement privé
Les signalements sont modérés. Rien n'est publié sans preuve officielle ou vérifiable.
Need native South Korean review for Korean-language, dialect, vocabulary, or claimed-background consistency? Contact dev.koriel@gmail.com.
Cas publics officiels
Les entrées publiques sont limitées aux sources officielles comme FBI, DOJ ou OFAC.
FBI wanted: fraudulent remote IT worker team tied to blockchain theft
DOJ says four DPRK nationals used false or stolen identities to obtain remote IT roles and allegedly stole more than $900,000 in virtual currency from two companies.
4 listed people/entities
Kim Kwang Jin aka P.S.Kang Tae Bok aka Wong Shao OnnJong Pong Ju aka Bryan ChoChang Nam Il aka Bong Chee Shen, Peter Xiao
- False or stolen identities
- Remote IT roles at crypto companies
- Smart contract/source-code access
- Tornado Cash laundering allegations
FBI wanted: multi-year remote IT worker fraud case
DOJ says the defendants and co-conspirators obtained work from at least 64 U.S. companies, generated at least $866,255 from 10 companies, and laundered proceeds through a Chinese bank account.
2 listed people/entities
Jin Sung-IlPak Jin-Song
- Forged and stolen identity documents
- Laptop farm facilitation
- U.S. company remote jobs
- Money laundering allegations
Fourteen DPRK nationals indicted in Yanbian Silverstar / Volasys Silverstar scheme
DOJ says the group worked for DPRK-controlled Yanbian Silverstar and Volasys Silverstar, using false, stolen, and borrowed identities to obtain remote IT work and launder revenue.
14 listed people/entities
Jong Song HwaRi Kyong SikKim Ryu SongRim Un CholKim Mu RimCho Chung PomHyon Chol SongSon Un CholSok Kwang HyokChoe Jong YongKo Chung SokKim Ye WonJong Kyong CholJang Chol Myong
- False, stolen, and borrowed identities
- Front companies
- Remote work contracts
- Revenue laundering allegations
Official record, no official photo published here
OFAC sanctions: Chinyong Information Technology Cooperation Company and Kim Sang Man
OFAC sanctioned Chinyong and Kim Sang Man for roles tied to DPRK overseas IT worker delegations, revenue generation, and cryptocurrency payments.
2 listed people/entities
Chinyong Information Technology Cooperation Company aka Jinyong IT Cooperation CompanyKim Sang Man
- DPRK IT worker delegations
- Russia and Laos operations
- Cryptocurrency payment flows
- Sanctions designation
Official record, no official photo published here
DOJ charged Foreign Trade Bank representative Sim Hyon Sop in crypto laundering conspiracies
DOJ says Sim allegedly conspired with North Korean IT workers to launder proceeds from illegal IT development work at blockchain companies.
1 listed people/entities
Sim Hyon Sop aka Sim
- Blockchain development companies
- Stablecoin and virtual currency payments
- FTB-linked laundering allegations
- Sanctions evasion
Official record, no official photo published here
OFAC 2026 sanctions: facilitators and entities tied to DPRK IT worker fraud
OFAC designated six individuals and two entities for roles in DPRK IT worker schemes, including currency conversion, IT worker coordination, and facilitation services.
8 listed people/entities
Amnokgang Technology Development CompanyNguyen Quang VietQuangvietdnbg International Services Company LimitedDo Phi KhanhHoang Van NguyenYun Song GukHoang Minh QuangYork Louis Celestino Herrera
- Currency conversion
- IT worker coordination
- Freelance IT contracts
- Sanctions designation
Official record, no official photo published here
DOJ sentencing: U.S.-based laptop farms that helped DPRK IT workers pose as U.S. residents
DOJ says the defendants operated laptop farms that helped North Korean remote IT workers pose as U.S. residents, use stolen identities, and obtain work from more than 100 U.S. companies.
2 listed people/entities
Kejia WangZhenxing Wang aka Danny Wang
- Laptop farms
- Stolen identities
- U.S.-resident impersonation
- More than 100 victim companies
Official record, no official photo published here
Christina Marie Chapman laptop farm scheme
DOJ says Chapman assisted DPRK IT workers posing as U.S. residents, helped them work at 309 U.S. companies, and generated more than $17 million in illicit revenue.
1 listed people/entities
Christina Marie Chapman
- Laptop farm
- Stolen U.S. identities
- 309 U.S. companies
- Payroll and check laundering
Official record, no official photo published here
U.S. facilitators who provided identities, hosted laptops, and passed vetting steps
DOJ says the defendants provided U.S. identities, hosted victim company laptops, installed remote access software, and helped overseas IT workers pass employer vetting.
3 listed people/entities
Audricus PhagnasayJason SalazarAlexander Paul Travis
- Identity lending
- Laptop hosting
- Unauthorized remote access software
- Drug-test substitution
Official record, no official photo published here
Oleksandr Didenko identity and account marketplace
DOJ says Didenko stole U.S. identities and sold them to overseas IT workers, including DPRK IT workers, so they could fraudulently gain employment at 40 U.S. companies.
1 listed people/entities
Oleksandr Didenko aka Alexander Didenko
- Stolen identity marketplace
- Freelance platform accounts
- Money-service accounts
- 40 U.S. companies
Official record, no official photo published here
Taggcar and facilitator indictment tied to 64-company remote IT worker scheme
DOJ says the facilitators helped obtain work for DPRK IT workers from more than 64 U.S. companies; Erick Ntekereze Prince later pleaded guilty to wire fraud conspiracy.
3 listed people/entities
Pedro Ernesto Alonso De Los ReyesErick Ntekereze PrinceEmanuel Ashtor
- Staffing-vendor facilitation
- False and stolen identities
- Laptop farm
- 64 U.S. companies
Official record, no official photo published here
OFAC Department 53 / Laos IT worker network
OFAC says Department 53 and front companies maintained DPRK IT worker delegations in Laos and used aliases to generate revenue from IT projects including crypto exchanges, web apps, and mobile apps.
6 listed people/entities
Department 53 of the Ministry of the People's Armed ForcesKorea Osong Shipping Co aka OsongChonsurim Trading Corporation aka ChonsurimJong In CholSon Kyong SikLiaoning China Trade Industry Co., Ltd aka Liaoning China Trade
- Laos IT worker delegations
- Aliases with clients
- Crypto exchange development
- Equipment supply network
Official record, no official photo published here
OFAC Korea Sobaeksu IT worker and procurement network
OFAC says Sobaeksu and associated individuals helped evade sanctions and generate revenue through fraudulent IT worker schemes and related procurement activity.
4 listed people/entities
Korea Sobaeksu Trading Company aka Sobaeksu United CorporationKim Se UnJo Kyong HunMyong Chol Min
- IT worker deployment
- Vietnam-linked revenue activity
- Cryptocurrency and financial coordination
- Sanctions evasion
Official record, no official photo published here
OFAC Chinyong-linked payment and front-company network
OFAC says Andreyev and Kim Ung Sun facilitated hundreds of thousands of dollars in transfers for Chinyong, while Shenyang Geumpungri and Sinjin supported DPRK IT worker revenue generation.
4 listed people/entities
Vitaliy Sergeyevich AndreyevKim Ung SunShenyang Geumpungri Network Technology Co., Ltd aka Shenyang GeumpungriKorea Sinjin Trading Corporation aka Sinjin General Trading Corporation
- Crypto-to-cash conversion
- Chinyong-linked front company
- DPRK IT worker delegation
- Sanctions designation
Official record, no official photo published here
OFAC bankers and KMCTC IT delegation network
OFAC says DPRK bankers helped manage cryptocurrency funds and that KMCTC operated IT worker delegations from Shenyang and Dandong using banking proxies.
5 listed people/entities
Jang Kuk CholHo Jong SonKorea Mangyongdae Computer Technology Company aka KMCTCU Yong SuRyujong Credit Bank
- Cryptocurrency fund management
- IT worker delegations in China
- Banking proxies
- Sanctions designation
Sources
Primary references used for Kimchi Canary controls.
U.S. Treasury OFAC, U.S. State Department, FBI · 2022-05-16
Guidance on the Democratic People's Republic of Korea Information Technology Workers
Baseline red flags and due diligence measures for avoiding inadvertent hiring of DPRK IT workers.
ODNI CTIIC / FBI IC3 · 2023-10-18
North Korean Tactics, Techniques, and Procedures for Revenue Generation
Updated indicators for fraudulent documents, proxy accounts, remote desktop use, and crypto payments.
FBI · 2025-01-23
North Korean IT Workers Conducting Data Extortion
Guidance on data theft, repository copying, session abuse, AI video, and remote hiring controls.
FBI IC3 · 2025-07-23
North Korean IT Worker Threats to U.S. Businesses
Public guidance on U.S.-based facilitators, laptop farms, report channels, and vendor exposure.
U.S. Department of Justice · 2025-06-30
Justice Department Announces Coordinated, Nationwide Actions to Combat North Korean Remote IT Workers
Charges, searches, account/domain seizures, and alleged blockchain-company crypto thefts.
U.S. Treasury OFAC · 2026-03-12
Treasury Sanctions Facilitators of DPRK IT Worker Fraud Targeting U.S. Businesses
Sanctions against facilitators and entities tied to DPRK IT worker fraud networks.
U.S. Department of Justice · 2026-04-15
Two U.S. Nationals Sentenced for Facilitating Fraudulent Remote Information Technology Worker Scheme
Sentencing announcement for U.S.-based laptop farm facilitators tied to DPRK remote IT worker fraud.
U.S. Department of Justice · 2025-07-24
Arizona Woman Sentenced in $17M IT Worker Fraud Scheme
Sentencing announcement for a U.S.-based laptop farm scheme involving more than 300 companies.
U.S. Department of Justice · 2025-11-14
Justice Department Announces Nationwide Actions to Combat Illicit North Korean Government Revenue Generation
Guilty pleas by U.S. and Ukrainian facilitators of DPRK remote IT worker schemes.
U.S. Treasury OFAC · 2025-01-16
Treasury Targets IT Worker Network Generating Revenue for DPRK Weapons Programs
OFAC designations for Department 53, front companies, supervisors, and equipment suppliers.
U.S. Treasury OFAC · 2025-07-24
Treasury Sanctions Clandestine IT Worker Network Funding the DPRK's Weapons Programs
OFAC designations for Korea Sobaeksu Trading Company and associated individuals.
U.S. Treasury OFAC · 2025-08-27
Treasury Sanctions Fraud Network Funding DPRK Weapons Programs
OFAC designations for a Chinyong-linked IT worker payment and front-company network.
U.S. Treasury OFAC · 2025-11-04
Treasury Sanctions DPRK Bankers and Institutions Involved in Laundering Cybercrime Proceeds and IT Worker Funds
OFAC designations tied to cybercrime proceeds, IT worker funds, and DPRK IT delegations.
U.S. Treasury OFAC · 2023-05-23
Treasury Targets DPRK Malicious Cyber and Illicit IT Worker Activities
U.S. Department of Justice · 2023-04-24
North Korean Foreign Trade Bank Representative Charged in Crypto Laundering Conspiracies