In a significant move to disrupt North Korea’s illicit financing activities, the U.S. Treasury Department has sanctioned a network of ten individuals and entities. This action targets those accused of laundering millions of dollars generated through cybercrime and a global IT worker fraud scheme, directly channeling funds into the regime’s prohibited weapons development programs.
Targeting the Financial Facilitators
The newly imposed sanctions focus on the key players within North Korea’s international financial web. According to the U.S. Treasury, these facilitators are instrumental in cleaning money stolen by state-sponsored hackers.
A senior official emphasized the direct threat posed by these activities. “North Korean state-sponsored hackers steal and launder money to fund the regime’s nuclear weapons program,” stated John K. Hurley, Under Secretary of the Treasury for Terrorism and Financial Intelligence. He affirmed the department’s commitment to “pursue the facilitators and enablers behind these schemes to cut off the DPRK’s illicit revenue streams.”
Key Entities and Individuals Sanctioned
The sanctions list reveals a sophisticated network blending traditional finance with digital assets. The designated parties include:
- Jang Kuk Chol and Ho Jong Son: These individuals are alleged to have managed funds, including $5.3 million in cryptocurrency, for the previously sanctioned First Credit Bank.
- Korea Mangyongdae Computer Technology Company (KMCTC): This North Korean IT company is accused of sending IT workers to China and using Chinese banking proxies to hide the origin of fraudulently obtained funds. Its current president, U Yong Su, was also named.
- Ryujong Credit Bank: Identified as providing financial support for sanctions evasion between China and North Korea.
- Five Representatives in Russia and China (Ho Yong Chol, Han Hong Gil, Jong Sung Hyok, Choe Chun Pom, and Ri Jin Hyok): These individuals are said to have facilitated multi-million dollar transactions for the sanctioned banks.
The Scale of Cyber-Theft and IT Worker Fraud
The Treasury Department outlined an “unmatched” campaign of cybercrime by Pyongyang, resulting in the theft of over $3 billion in digital assets over the past three years. A central pillar of this effort is a global IT worker fraud scheme.
The regime deploys its “IT army” worldwide, who gain employment at companies by hiding their true nationalities. They then funnel a significant portion of their salaries back to North Korea. In some cases, these workers collaborate with foreign freelancers, taking on projects and splitting the revenue to further obscure the money trail.
The Cryptocurrency Connection
Blockchain analysis provides a clear window into these operations. According to intelligence firm TRM Labs, cryptocurrency wallets linked to First Credit Bank show “consistent inbound flows resembling salary payments” from IT workers using false identities.
In total, these wallets received more than $12.7 million between June 2023 and May 2025, demonstrating a sustained and lucrative operation. TRM Labs concluded that these sanctioned individuals and entities form a “central component of Pyongyang’s sanctions-evasion architecture,” enabling the regime to move millions through both traditional and digital channels.
