U. S. Sanctions 10 North Korean Entities for Laundering $12. 7M in Crypto and IT Fraud

The U.S. Treasury Department recently slapped sanctions on eight individuals and two entities tied to North Korea’s global financial network. These sanctions target those involved in laundering money from various illegal schemes, including cybercrime and fraud related to IT workers. John K. Hurley, the Under Secretary of the Treasury for Terrorism and Financial Intelligence, emphasized that North Korean state-backed hackers are stealing and laundering funds to bankroll the regime’s nuclear weapons program. This activity poses a direct threat not only to the U.S. but to global security at large. The Treasury vowed to keep chasing down those who enable these schemes to cut off North Korea’s illicit income. Among those sanctioned are Jang Kuk Chol and Ho Jong Son, who helped manage around $5.3 million in cryptocurrency linked to First Credit Bank, also known as Cheil Credit Bank. This bank was previously sanctioned back in 2017 for its role in supporting North Korea’s missile development programs. Additionally, the Korea Mangyongdae Computer Technology Company (KMCTC), an IT firm based in North Korea, was designated. KMCTC has sent IT worker delegations to Chinese cities like Shenyang and Dandong and used Chinese nationals as proxies to mask the origin of funds generated through fraudulent employment schemes. The company’s current president, U Yong Su, was also sanctioned. Another entity targeted is Ryujong Credit Bank, which is said to have assisted in evading sanctions in transactions between China and North Korea. Five other individuals, including Ho Yong Chol, Han Hong Gil, and Ri Jin Hyok, who represent North Korean financial institutions in Russia and China, are accused of facilitating transactions worth millions for the sanctioned banks. Part of the $5.3 million cryptocurrency is connected to a North Korean ransomware group known for targeting U.S. victims in the past. These hackers also handle revenue from the IT worker operations. The Treasury Department described North Korean cyber actors as unmatched in their scale of espionage, disruptive attacks, and financial theft. Over the past three years, these groups have stolen more than $3 billion, mostly in digital assets, using advanced malware and social engineering tactics. The regime reportedly leverages its global IT workforce by hiding their true nationality and identities to secure jobs abroad. A significant portion of their earnings is funneled back to North Korea. Sometimes, North Korean IT workers partner with foreign freelancers, sharing revenue from projects initially assigned to these non-North Korean professionals. TRM Labs analysis of cryptocurrency wallets linked to First Credit Bank shows consistent incoming payments that resemble salaries, likely representing income from these disguised IT workers. Between June 2023 and May 2025, wallets controlled by First Credit Bank reportedly received more than $12.7 million, showing a persistent illicit operation spanning over two years. According to blockchain intelligence firms, these people and organizations form a vital part of Pyongyang’s sanctions evasion network, allowing the regime to move millions through both traditional and digital financial channels. These funds ultimately support North Korea’s weapons programs and cyber operations, maintaining a steady flow of resources despite international restrictions. The core facts include the U.S. Treasury sanctioning 10 North Korean entities and individuals implicated in laundering over $12.7 million in cryptocurrency and orchestrating IT-based fraud schemes, with operations spanning China, Russia, and North Korea. Key stakeholders involved are North Korean banks, IT firms, cybercriminal groups, and intermediaries located in foreign countries, while secondary impacts could affect global cybersecurity, financial markets, and diplomatic relations. Immediate consequences reveal increased scrutiny on financial transactions tied to North Korea and disruptions to illicit revenue streams, echoing past sanctions from 2017 targeting similar entities. Comparatively, these efforts align with historical sanctions against North Korea’s missile and nuclear programs, highlighting persistent challenges in enforcement and evasion tactics. Looking ahead, optimistic scenarios envision enhanced blockchain monitoring and international cooperation curbing illicit flows, whereas risks involve evolving laundering techniques and increasingly sophisticated cyberattacks demanding proactive mitigation. From a regulatory perspective, priorities should focus on strengthening cross-border financial intelligence sharing (high outcome, moderate complexity), expanding blockchain forensic capabilities (moderate outcome, high complexity), and targeting front companies facilitating fraud (high outcome, low complexity) to effectively disrupt North Korea’s illicit funding pipelines.