Treasury sanctions 8 for laundering North Korea earnings from cybercrime, IT worker scheme

Treasury sanctions 8 for laundering North Korea earnings from cybercrime, IT worker scheme | The Record from Recorded Future News Jonathan Greig November 4th, 2025 Treasury sanctions 8 for laundering North Korea earnings from cybercrime, IT worker scheme Eight people and two companies face U.S. sanctions for their role in laundering money earned for the government of North Korea through cybercrime and a long-running IT worker fraud scheme. The Treasury Department’s Office of Foreign Assets Control (OFAC) targeted IT company Korea Mangyongdae Computer Technology Company (KMCTC) and financial institution Ryujong Credit Bank with sanctions — accusing the North Korean businesses of being key cogs in Pyongyang’s effort to evade sanctions and bring home earnings from criminal activity. KMCTC runs the IT worker operation in the Chinese cities of Shenyang and Dandong, the Treasury said. The company helps the IT workers use Chinese nationals as proxies to obtain their earnings and launder them back to North Korea. U Yong Su, one of the men sanctioned, is currently president of KMCTC. Ryujong Credit Bank helps launder the money earned by IT workers and other North Koreans working overseas, the Treasury said. “North Korean state-sponsored hackers steal and launder money to fund the regime’s nuclear weapons program,” said John Hurley, the Treasury undersecretary for terrorism and financial intelligence. “By generating revenue for Pyongyang’s weapons development, these actors directly threaten U.S. and global security.” Seven other men — Jang Kuk Chol, Ho Jong Son, Ho Yong Chol, Han Hong Gil, Jong Sung Hyok, Choe Chun Pom and Ri Jin Hyok — were also sanctioned for their role as employees of sanctioned companies or facilitators in the wider money laundering scheme. According to the Treasury Department, Jang Kuk Chol and Ho Jong Son are bankers tied to the previously sanctioned First Credit Bank. The North Koreans helped manage about $5.3 million in cryptocurrency, a portion of which was linked back to a ransomware attack on a U.S. organization. The department said some of the money also came from IT worker schemes — in which North Koreans use fake or stolen identities to illicitly obtain employment in high-paying roles at U.S. companies. The five other men serve as North Korean representatives in Russia and China who help facilitate the laundering of millions of dollars in earnings from a variety of schemes, the Treasury said. The department listed the following accusations: Ho Yong Chol helped change $2.5 million from U.S. dollars into Chinese yuan on behalf of sanctioned financial entity Korea Daesong Bank while also managing a multitude of transactions worth more than $85 million on behalf of other North Korean government entities. Han Hong Gil laundered about $630,000 through another sanctioned bank. Jong Sung Hyok serves as a North Korean financial representative in Vladivostok, Russia. Choe Chun Pom managed transactions totaling $200,000 and coordinated for Russian officials who recently visited Pyongyang. Ri Jin Hyok laundered more than $350,000 into Chinese currency on behalf of a sanctioned bank. The Treasury noted that the U.S. government recently released a report alongside several other countries about the myriad ways North Korea has been able to evade sanctions to help fund its government and specifically its weapons program. “[North Korean] cyber actors are responsible for conducting high-level cyber-enabled espionage, disruptive cyberattacks, and financial theft at a scale unmatched by any other country,” the department explained. “Over the past three years, North Korea-affiliated cybercriminals have stolen over $3 billion, primarily in cryptocurrency, often using sophisticated techniques such as advanced malware and social engineering.” Officials added that the IT worker scheme brings in “hundreds of millions of dollars per year." The new sanctions, according to the Treasury Department, are part of an effort to target the vast network of representatives and financial institutions that facilitate the transfer of stolen funds and illicit revenue from international markets to North Korea. Nation-state Government News Cybercrime Get more insights with the Recorded Future Intelligence Cloud. Learn more. No previous article No new articles Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic. Briefs Cyberattack on telecom giant Rostelecom disrupts internet services across Russia April 6th, 2026 FBI: Cyber fraud surges to $17.6 billion in losses as scams, crypto theft soar April 6th, 2026 Big tech vows to continue CSAM scanning in Europe despite expiration of law allowing it April 6th, 2026 First stalkerware maker prosecuted since 2014 receives no jail time April 6th, 2026 Singapore, US warn of latest Fortinet bug being exploited in wild April 6th, 2026 Major outage hits Russian banking apps, metro payments across regions April 6th, 2026 Hackers threaten to leak data after cyberattack on German party Die Linke April 6th, 2026 FCC proposes $4.5 million fine for voice service provider hosting ‘suspicious’ foreign call traffic April 3rd, 2026 EU cyber agency attributes major data breach to TeamPCP hacking group April 3rd, 2026 Understanding and Anticipating Venezuelan Government Actions Latin America and the Caribbean Cybercrime Landscape ClickFix Campaigns Targeting Windows and macOS 2025 Year in Review: Malicious, Infrastructure Preparing for Russia’s New Generation Warfare in Europe