Evolving Tactics of Sanction Evasion

September 30, 2025
Sanctioned countries and entities show no sign of deviating from their sanctioned behavior; illicit actors will continue to enhance their capabilities to evade or mitigate sanctions with the aid of disruptive technologies.

Russia, Iran, and North Korea, in particular, have developed a system of ghost fleets and third-party subsidiaries in order to circumvent financial sanctions imposed over their foreign policy agendas. Although countries have started to track and disrupt these more conventional sanctions evasions, adversaries have adapted with cyberattacks, cryptocurrencies, and GPS spoofing to fund their illicit (generally military) endeavors.

In this convoluted environment, companies that fail to monitor their supply chains closely could unknowingly help a sanctioned entity and be fined millions of dollars. 

State and private entities within sanctioned countries attempt to obfuscate the origin of their business transactions by using shell companies and layering transactions via tertiary destinations.

By obscuring their business operations, foreign entities can avoid sanctions and continue to operate in Western markets. Russian intermediaries are registered primarily in markets like mainland China, Turkey, the UAE, Hong Kong, and Kazakhstan specifically to circumvent Western restrictions, which aim to cut off Moscow’s access to critical technologies such as the microchips used in autonomous drones.

In order to maintain the Russian economy during wartime, the Russian government created a clandestine fleet of 200 ships, known as a “ghost fleet,” used to transport 70% of its oil and gas products to foreign markets. This fleet is composed of old vessels that operate without proper insurance, and with constantly changing names and registration information. 

Conventional methods of circumventing sanctions are known and identifiable, and therefore more susceptible to secondary sanctions.

Ghost fleets and intermediary trade tend to be temporary solutions until national leaders find dedicated non-sanctioned markets for their goods, and/or build domestic industries to reduce reliance on imports.

For example, Iran operated a ghost fleet from 2020 through front companies and falsified shipping documents, until the U.S. Treasury Department was able to trace the transactions to Mohammed Hossein Shamkhani, the son of a top advisor to the Supreme Leader.

In 2025, the Treasury Department placed this network of 115 oil tankers under new sanctions in order to further restrict Iran’s oil and gas network. Despite the sanctions, Iran has been able to shelter and grow its oil and gas exports by finding a dedicated market in China; the country received 92% of Iran's oil and gas exports in June 2025. 

Threat actors have developed new tactics to circumvent conventional sanctions with cyberattacks and cryptocurrency laundering.

When North Korea was placed under UN sanctions in 2016, the country’s Lazarus Group changed its strategic cyber objectives from political to financial. Since then, the Lazarus Group has attacked multiple online crypto exchanges in an attempt to recoup losses from conventional sanctions.

In 2020, the group stole $1.3 billion in cryptocurrency by hacking into banks’ computer networks and sending fraudulent SWIFT messages to transfer the money to compromised accounts.

In 2025, the Lazarus Group stole an additional $1.5 billion in cryptocurrency by hacking into a crypto exchange. Since 2022, Iran has utilized cryptocurrencies to pay for international imports in a bid to increase trade and bypass import sanctions. Due to the decentralized nature of cryptocurrencies, these transactions cannot be halted through conventional financial institutions.

According to blockchain analytics company Chainalysis, approximately 61% of illicit crypto transactions originated from sanctioned or terrorist-linked entities in 2023.

Failure to comply with sanctions, even unknowingly, can result in fines and reputational harm.

The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) has fined multiple businesses for attempting to evade sanctions against Iran and Russia.

Even when companies unintentionally sell their products to foreign entities, they can be subject to thousands of dollars in fines. OFAC issued 17 penalties, settlements, or findings of violations in 2023, totaling over $1.5 billion, with several of these penalized entities being based in the U.S.

Companies can decrease their exposure to sanctioned goods by using end-user verification and AI integration to enhance due diligence.

Mapping out the types of products, transactions, and economic activity within business operations is the first step towards further due diligence screening.

With sanctioned entities using more complex technologies to mask their transaction origins, companies have started to integrate AI into their due diligence strategy in order to quickly match sanctioned entity names and identify potential security risks that could lead to financial harm. 


Mitigate Risk, Maximize Compliance

In today’s complex and evolving sanctions landscape, staying compliant is no longer optional. Enterprises must stay up to date and conduct regular risk assessments on the potential danger of being targeted by sanction-evading groups.

At Red5 Security, we provide advanced due diligence solutions to help your organization stay ahead of sanctioned entities and hidden threats. Our experts validate identities, credentials, and professional affiliations, and disclose relevant findings and information. We provide the clarity needed to proceed with confidence in your business decisions. 

Steven Duke & Dakota Hudson
