公开观察名单条目必须有官方制裁、执法、法院或同等公开来源支持。
信任规则
不按国籍单独筛查。不发布未经验证的公开指控。证据在审核前保持私密。
举报进入审核队列,只有在证据充分并获批准后才会公开。
不按国籍单独筛查,不使用民族替代指标、强迫口号或政治忠诚测试。
问卷
在提高访问权限前,筛查已观察到的欺诈指标。
只选择已观察到的事实。结果是风险分流,不是公开指控。
操作文本已本地化;涉及法律、制裁或雇佣决定时,请以英文源文本和专业意见为准。
软性面试问题
只在问题与候选人自己的陈述相关时使用。
这些问题用于检查一致性、实时性和可验证经历,不是国籍测试。
声称韩国背景时
- 让候选人具体说明当前工作环境、常用工作时间、网络/手机号运营商、薪酬/KYC路径和设备收货方式。
- 学校或雇主应通过独立获取的联系方式核实,而不是只用候选人提供的联系人。
实时一致性检查
- 在政策允许时保持摄像头开启,并让候选人解释近期工作样本。
- 比较同一人在证件、面试、入职和后续会议中的一致性,不评价穿着、外貌或民族特征。
韩国语审查
- 韩国语方言、词汇和专业术语问题可请韩国本土母语者协助判断。
- 口音只能作为一个辅助线索,不能单独作为风险结论。
操作手册
适用于真实招聘、供应商审查和事件响应。
面试前
通过独立渠道核实身份、学历、工作经历、制裁状态和供应商控制。
设备发货前
只寄送到已验证地址,使用 MDM,阻止未授权远程访问,并延后代码库访问。
生产访问前
使用最小权限,检查不可能旅行、付款不匹配和源码管理活动。
发现信号时
保留证据,暂停访问,联系法务/合规,并向 IC3 或相应机构报告。
私密报告入口
报告进入审核队列。没有官方或可验证证据,不会公开。
Need native South Korean review for Korean-language, dialect, vocabulary, or claimed-background consistency? Contact dev.koriel@gmail.com.
官方公开案例
公开条目仅限 FBI、DOJ、OFAC 或同等官方来源。
FBI wanted: fraudulent remote IT worker team tied to blockchain theft
DOJ says four DPRK nationals used false or stolen identities to obtain remote IT roles and allegedly stole more than $900,000 in virtual currency from two companies.
4 listed people/entities
Kim Kwang Jin aka P.S.Kang Tae Bok aka Wong Shao OnnJong Pong Ju aka Bryan ChoChang Nam Il aka Bong Chee Shen, Peter Xiao
- False or stolen identities
- Remote IT roles at crypto companies
- Smart contract/source-code access
- Tornado Cash laundering allegations
FBI wanted: multi-year remote IT worker fraud case
DOJ says the defendants and co-conspirators obtained work from at least 64 U.S. companies, generated at least $866,255 from 10 companies, and laundered proceeds through a Chinese bank account.
2 listed people/entities
Jin Sung-IlPak Jin-Song
- Forged and stolen identity documents
- Laptop farm facilitation
- U.S. company remote jobs
- Money laundering allegations
Fourteen DPRK nationals indicted in Yanbian Silverstar / Volasys Silverstar scheme
DOJ says the group worked for DPRK-controlled Yanbian Silverstar and Volasys Silverstar, using false, stolen, and borrowed identities to obtain remote IT work and launder revenue.
14 listed people/entities
Jong Song HwaRi Kyong SikKim Ryu SongRim Un CholKim Mu RimCho Chung PomHyon Chol SongSon Un CholSok Kwang HyokChoe Jong YongKo Chung SokKim Ye WonJong Kyong CholJang Chol Myong
- False, stolen, and borrowed identities
- Front companies
- Remote work contracts
- Revenue laundering allegations
Official record, no official photo published here
OFAC sanctions: Chinyong Information Technology Cooperation Company and Kim Sang Man
OFAC sanctioned Chinyong and Kim Sang Man for roles tied to DPRK overseas IT worker delegations, revenue generation, and cryptocurrency payments.
2 listed people/entities
Chinyong Information Technology Cooperation Company aka Jinyong IT Cooperation CompanyKim Sang Man
- DPRK IT worker delegations
- Russia and Laos operations
- Cryptocurrency payment flows
- Sanctions designation
Official record, no official photo published here
DOJ charged Foreign Trade Bank representative Sim Hyon Sop in crypto laundering conspiracies
DOJ says Sim allegedly conspired with North Korean IT workers to launder proceeds from illegal IT development work at blockchain companies.
1 listed people/entities
Sim Hyon Sop aka Sim
- Blockchain development companies
- Stablecoin and virtual currency payments
- FTB-linked laundering allegations
- Sanctions evasion
Official record, no official photo published here
OFAC 2026 sanctions: facilitators and entities tied to DPRK IT worker fraud
OFAC designated six individuals and two entities for roles in DPRK IT worker schemes, including currency conversion, IT worker coordination, and facilitation services.
8 listed people/entities
Amnokgang Technology Development CompanyNguyen Quang VietQuangvietdnbg International Services Company LimitedDo Phi KhanhHoang Van NguyenYun Song GukHoang Minh QuangYork Louis Celestino Herrera
- Currency conversion
- IT worker coordination
- Freelance IT contracts
- Sanctions designation
Official record, no official photo published here
DOJ sentencing: U.S.-based laptop farms that helped DPRK IT workers pose as U.S. residents
DOJ says the defendants operated laptop farms that helped North Korean remote IT workers pose as U.S. residents, use stolen identities, and obtain work from more than 100 U.S. companies.
2 listed people/entities
Kejia WangZhenxing Wang aka Danny Wang
- Laptop farms
- Stolen identities
- U.S.-resident impersonation
- More than 100 victim companies
Official record, no official photo published here
Christina Marie Chapman laptop farm scheme
DOJ says Chapman assisted DPRK IT workers posing as U.S. residents, helped them work at 309 U.S. companies, and generated more than $17 million in illicit revenue.
1 listed people/entities
Christina Marie Chapman
- Laptop farm
- Stolen U.S. identities
- 309 U.S. companies
- Payroll and check laundering
Official record, no official photo published here
U.S. facilitators who provided identities, hosted laptops, and passed vetting steps
DOJ says the defendants provided U.S. identities, hosted victim company laptops, installed remote access software, and helped overseas IT workers pass employer vetting.
3 listed people/entities
Audricus PhagnasayJason SalazarAlexander Paul Travis
- Identity lending
- Laptop hosting
- Unauthorized remote access software
- Drug-test substitution
Official record, no official photo published here
Oleksandr Didenko identity and account marketplace
DOJ says Didenko stole U.S. identities and sold them to overseas IT workers, including DPRK IT workers, so they could fraudulently gain employment at 40 U.S. companies.
1 listed people/entities
Oleksandr Didenko aka Alexander Didenko
- Stolen identity marketplace
- Freelance platform accounts
- Money-service accounts
- 40 U.S. companies
Official record, no official photo published here
Taggcar and facilitator indictment tied to 64-company remote IT worker scheme
DOJ says the facilitators helped obtain work for DPRK IT workers from more than 64 U.S. companies; Erick Ntekereze Prince later pleaded guilty to wire fraud conspiracy.
3 listed people/entities
Pedro Ernesto Alonso De Los ReyesErick Ntekereze PrinceEmanuel Ashtor
- Staffing-vendor facilitation
- False and stolen identities
- Laptop farm
- 64 U.S. companies
Official record, no official photo published here
OFAC Department 53 / Laos IT worker network
OFAC says Department 53 and front companies maintained DPRK IT worker delegations in Laos and used aliases to generate revenue from IT projects including crypto exchanges, web apps, and mobile apps.
6 listed people/entities
Department 53 of the Ministry of the People's Armed ForcesKorea Osong Shipping Co aka OsongChonsurim Trading Corporation aka ChonsurimJong In CholSon Kyong SikLiaoning China Trade Industry Co., Ltd aka Liaoning China Trade
- Laos IT worker delegations
- Aliases with clients
- Crypto exchange development
- Equipment supply network
Official record, no official photo published here
OFAC Korea Sobaeksu IT worker and procurement network
OFAC says Sobaeksu and associated individuals helped evade sanctions and generate revenue through fraudulent IT worker schemes and related procurement activity.
4 listed people/entities
Korea Sobaeksu Trading Company aka Sobaeksu United CorporationKim Se UnJo Kyong HunMyong Chol Min
- IT worker deployment
- Vietnam-linked revenue activity
- Cryptocurrency and financial coordination
- Sanctions evasion
Official record, no official photo published here
OFAC Chinyong-linked payment and front-company network
OFAC says Andreyev and Kim Ung Sun facilitated hundreds of thousands of dollars in transfers for Chinyong, while Shenyang Geumpungri and Sinjin supported DPRK IT worker revenue generation.
4 listed people/entities
Vitaliy Sergeyevich AndreyevKim Ung SunShenyang Geumpungri Network Technology Co., Ltd aka Shenyang GeumpungriKorea Sinjin Trading Corporation aka Sinjin General Trading Corporation
- Crypto-to-cash conversion
- Chinyong-linked front company
- DPRK IT worker delegation
- Sanctions designation
Official record, no official photo published here
OFAC bankers and KMCTC IT delegation network
OFAC says DPRK bankers helped manage cryptocurrency funds and that KMCTC operated IT worker delegations from Shenyang and Dandong using banking proxies.
5 listed people/entities
Jang Kuk CholHo Jong SonKorea Mangyongdae Computer Technology Company aka KMCTCU Yong SuRyujong Credit Bank
- Cryptocurrency fund management
- IT worker delegations in China
- Banking proxies
- Sanctions designation
来源
Primary references used for Kimchi Canary controls.
U.S. Treasury OFAC, U.S. State Department, FBI · 2022-05-16
Guidance on the Democratic People's Republic of Korea Information Technology Workers
Baseline red flags and due diligence measures for avoiding inadvertent hiring of DPRK IT workers.
ODNI CTIIC / FBI IC3 · 2023-10-18
North Korean Tactics, Techniques, and Procedures for Revenue Generation
Updated indicators for fraudulent documents, proxy accounts, remote desktop use, and crypto payments.
FBI · 2025-01-23
North Korean IT Workers Conducting Data Extortion
Guidance on data theft, repository copying, session abuse, AI video, and remote hiring controls.
FBI IC3 · 2025-07-23
North Korean IT Worker Threats to U.S. Businesses
Public guidance on U.S.-based facilitators, laptop farms, report channels, and vendor exposure.
U.S. Department of Justice · 2025-06-30
Justice Department Announces Coordinated, Nationwide Actions to Combat North Korean Remote IT Workers
Charges, searches, account/domain seizures, and alleged blockchain-company crypto thefts.
U.S. Treasury OFAC · 2026-03-12
Treasury Sanctions Facilitators of DPRK IT Worker Fraud Targeting U.S. Businesses
Sanctions against facilitators and entities tied to DPRK IT worker fraud networks.
U.S. Department of Justice · 2026-04-15
Two U.S. Nationals Sentenced for Facilitating Fraudulent Remote Information Technology Worker Scheme
Sentencing announcement for U.S.-based laptop farm facilitators tied to DPRK remote IT worker fraud.
U.S. Department of Justice · 2025-07-24
Arizona Woman Sentenced in $17M IT Worker Fraud Scheme
Sentencing announcement for a U.S.-based laptop farm scheme involving more than 300 companies.
U.S. Department of Justice · 2025-11-14
Justice Department Announces Nationwide Actions to Combat Illicit North Korean Government Revenue Generation
Guilty pleas by U.S. and Ukrainian facilitators of DPRK remote IT worker schemes.
U.S. Treasury OFAC · 2025-01-16
Treasury Targets IT Worker Network Generating Revenue for DPRK Weapons Programs
OFAC designations for Department 53, front companies, supervisors, and equipment suppliers.
U.S. Treasury OFAC · 2025-07-24
Treasury Sanctions Clandestine IT Worker Network Funding the DPRK's Weapons Programs
OFAC designations for Korea Sobaeksu Trading Company and associated individuals.
U.S. Treasury OFAC · 2025-08-27
Treasury Sanctions Fraud Network Funding DPRK Weapons Programs
OFAC designations for a Chinyong-linked IT worker payment and front-company network.
U.S. Treasury OFAC · 2025-11-04
Treasury Sanctions DPRK Bankers and Institutions Involved in Laundering Cybercrime Proceeds and IT Worker Funds
OFAC designations tied to cybercrime proceeds, IT worker funds, and DPRK IT delegations.
U.S. Treasury OFAC · 2023-05-23
Treasury Targets DPRK Malicious Cyber and Illicit IT Worker Activities
U.S. Department of Justice · 2023-04-24
North Korean Foreign Trade Bank Representative Charged in Crypto Laundering Conspiracies