The U.S. Treasury Department has imposed sanctions on eight individuals and two North Korean entities accused of laundering approximately $12.7 million through cryptocurrency and information technology fraud. These illicit activities are believed to be funding the regime's nuclear weapons program and other destabilizing operations.

Key Takeaways

• Eight individuals and two entities linked to North Korea's financial network have been sanctioned.

• The sanctions target money laundering operations, including cryptocurrency and IT worker fraud.

• Funds generated are suspected of financing North Korea's weapons development.

• Over $12.7 million was laundered between June 2023 and May 2025.

North Korea's Global Financial Network Targeted

Under Secretary of the Treasury for Terrorism and Financial Intelligence John K. Hurley stated that North Korean state-sponsored hackers steal and launder money to finance the regime's nuclear weapons program. He emphasized that these actions directly threaten U.S. and global security, and the Treasury is committed to cutting off these illicit revenue streams.

The sanctioned entities and individuals include:

• Jang Kuk Chol and Ho Jong Son: Accused of managing funds, including $5.3 million in cryptocurrency, for First Credit Bank (also known as Cheil Credit Bank), which was previously sanctioned for its role in North Korea's missile programs.

• Korea Mangyongdae Computer Technology Company (KMCTC): An IT firm that has used Chinese nationals as banking proxies to conceal funds generated from fraudulent employment schemes involving IT workers dispatched to China.

• U Yong Su: The current president of KMCTC.

• Ryujong Credit Bank: Cited for providing financial assistance in sanctions avoidance activities between China and North Korea.

• Ho Yong Chol, Han Hong Gil, Jong Sung Hyok, Choe Chun Pom, and Ri Jin Hyok: Representatives of North Korean financial institutions in Russia and China, allegedly facilitating millions of dollars in transactions for sanctioned banks.

Sophisticated Cybercrime and IT Worker Fraud

Treasury officials described North Korean cyber actors as orchestrating espionage, disruptive attacks, and financial theft on an unprecedented scale. Over the past three years, these cybercriminals have reportedly stolen more than $3 billion, primarily in digital assets, utilizing advanced malware and social engineering tactics. The regime is also accused of leveraging its global IT workforce, who gain employment by concealing their identities and nationalities, to funnel income back to North Korea.

In some cases, North Korean IT workers collaborate with foreign freelance programmers, accepting commissioned projects and then diverting a significant portion of the revenue back to the DPRK. Blockchain intelligence firm TRM Labs noted that cryptocurrency wallets linked to First Credit Bank have shown consistent inbound flows resembling salary payments, likely from IT workers operating under false pretenses abroad. These wallets received over $12.7 million between June 2023 and May 2025, highlighting sustained illicit activity.

Funding Weapons Programs and Cyber Operations

The sanctioned individuals and entities are considered a critical part of Pyongyang's strategy to evade sanctions, enabling the regime to move substantial funds through both traditional and digital channels. This revenue is crucial for financing its weapons programs and ongoing cyber operations, posing a persistent threat to international security.

Sources

• U.S. Sanctions 10 North Korean Entities for Laundering $12.7M in Crypto and IT Fraud, The Hacker News.