US Treasury Sanctions 8 North Koreans and 2 Banks for Laundering Crypto to Fund WMD Programs

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has announced new sanctions against eight individuals and two entities linked to North Korea’s global cybercrime and illicit IT operations, accusing them of laundering millions of dollars in stolen cryptocurrency and illicit earnings to fund Pyongyang’s weapons of mass destruction (WMD) and ballistic missile programs.

In a statement accompanying the designations, Under Secretary of the Treasury for Terrorism and Financial Intelligence John K. Hurley underscored the gravity of the threat:

“North Korean state-sponsored hackers steal and launder money to fund the regime’s nuclear weapons program. By generating revenue for Pyongyang’s weapons development, these actors directly threaten U.S. and global security. Treasury will continue to pursue the facilitators and enablers behind these schemes to cut off the DPRK’s illicit revenue streams.”

According to the Treasury Department, the Democratic People’s Republic of Korea (DPRK) employs a “broad range of illicit activity, including cybercrime, to generate revenue for its WMD and ballistic missile programs.”

DPRK-linked hackers have conducted cyber-enabled espionage, disruptive cyberattacks, and large-scale cryptocurrency theft, stealing over $3 billion in the past three years through advanced malware and social engineering.

Meanwhile, North Korean IT workers—operating under false identities—have established global freelance and outsourcing networks, earning hundreds of millions of dollars per year by engaging in IT development work while concealing their nationality. Treasury’s report explains that some of these workers “engage other foreign freelance programmers to establish business partnerships… and split the revenue.”

Among the sanctioned entities are First Credit Bank, Ryujong Credit Bank, and a North Korean technology company named Korea Mangyongdae Computer Technology Company (KMCTC), all accused of facilitating international money laundering and sanctions evasion schemes.

Treasury revealed that North Korean bankers Jang Kuk Chol and Ho Jong Son managed $5.3 million in cryptocurrency linked to “a DPRK ransomware actor that has previously targeted U.S. victims and handled revenue from DPRK IT workers.” Both individuals were sanctioned “for having materially assisted, sponsored, or provided financial, material, or technological support for… a cyber-enabled activity” identified under U.S. Executive Order 13694.

Similarly, KMCTC, operating from China’s Shenyang and Dandong, deployed IT worker delegations and “used Chinese nationals as banking proxies in order to obfuscate the origin of funds generated by the DPRK IT workers’ illicit revenue generation schemes.” Its president, U Yong Su, has been designated for acting “on behalf of KMCTC, a person whose property and interests in property are blocked pursuant to E.O. 13810.”

One of the newly sanctioned institutions, Ryujong Credit Bank, provided “financial assistance in sanctions avoidance activities between China and North Korea,” including “the remittance of North Korea’s foreign currency earnings, money laundering, and financial transactions for overseas North Korean workers.”

OFAC also named five foreign-based North Korean operatives:

• Ho Yong Chol, who helped transfer over $2.5 million in U.S. dollars and Chinese yuan on behalf of the Korea Daesong Bank and managed transactions worth $85 million for a DPRK-affiliated group;
• Han Hong Gil, of Koryo Commercial Bank, who handled over $630,000 in illicit transactions;
• Jong Sung Hyok, the chief representative of the DPRK Foreign Trade Bank in Vladivostok;
• Choe Chun Pom, a DPRK Central Bank representative who facilitated payments and travel for Russian officials;
• And Ri Jin Hyok, another FTB affiliate, who moved over $350,000 in multi-currency transfers.

Each individual is sanctioned under various Executive Orders targeting those who “act for or on behalf of” North Korea’s sanctioned banks.

Related Posts:

• Dropping Elephant Targets Türkiye’s Missile Industry with Stealthy Conference Lures & VLC DLL Sideloading
• Treasury Department Hit by Major Cybersecurity Incident, China Suspected
• The US announces sanctions against Russian individuals and companies tied to worldwide hacking
• Space Race: SpaceX Lands $2 Billion Contract for Trump’s “Golden Dome” Missile Defense
• DPRK IT Workers: A Global Threat Expanding in Scope and Scale