The U.S. Treasury Department imposed sanctions on two North Korean financial institutions and eight individuals involved in laundering cryptocurrency stolen in cybercrime and fraudulent IT worker schemes.
The Treasury’s Office of Foreign Assets Control (OFAC) designated Ryujong Credit Bank, a North Korea-based financial institution linked to sanctions-evasion activities between North Korea and China, including money laundering.
OFAC also sanctioned Korea Mangyongdae Computer Technology Company (KMCTC) and its president, U Yong Su, for operating IT workers in China, and two North Korean bankers, Jang Kuk Chol and Ho Chong Son, for managing funds on behalf of the previously designated First Credit Bank, including money linked to ransomware attacks targeting U.S. victims.
Five additional financial representatives of North Korean financial institutions from Russia and China (Ho Yong Chol, Han Hong Gil, Jong Sung Hyok, Choe Chun Pom, and Ri Jin Hyok) were also designated for enabling North Korea to process financial transactions worth tens of millions of U.S. dollars in violation of UN sanctions.
North Korean cybercriminals have stolen cryptocurrency worth of cryptocurrency through sophisticated tactics, including advanced malware and social engineering, over the past three years, according to U.S. officials.
“Over the past three years, North Korea-affiliated cybercriminals have stolen over $3 billion, primarily in cryptocurrency, often using sophisticated techniques such as advanced malware and social engineering,” OFAC said on Tuesday.
“In addition, DPRK IT workers are located all around the world, obfuscating their nationality and identities. They earn hundreds of millions of dollars per year by engaging in a wide range of IT development work by obfuscating their nationality with false or stolen identities when they seek employment contracts and create accounts on freelance work websites.”
The sanctions block all property of designated companies and individuals under U.S. jurisdiction, while financial institutions that transact with these entities expose themselves to secondary sanctions or enforcement actions.
This week’s sanctions follow an October report from the Multilateral Sanctions Monitoring Team, which identified North Korea’s sanctions violations through cyber activities and IT operations. The report also warned that these malicious activities and cryptocurrency heists pose a threat to international security and the global digital economy.
“The DPRK’s cyber force is a full-spectrum, national program operating at a sophistication approaching the cyber programs of China and Russia,” the report said. “The DPRK employs its cyber capabilities to circumvent UN sanctions and generate revenue for the DPRK’s priorities, including the unlawful development of its WMD and ballistic missile programs.”
In July, OFAC sanctioned, charged, and indicted 20 individuals and eight companies in three separate enforcement actions. One month later, U.S. authorities sanctioned two more individuals and two companies associated with North Korean IT worker schemes.
It’s budget season! Over 300 CISOs and security leaders have shared how they’re planning, spending, and prioritizing for the year ahead. This report compiles their insights, allowing readers to benchmark strategies, identify emerging trends, and compare their priorities as they head into 2026.
Learn how top leaders are turning investment into measurable impact.
