The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has imposed sanctions on eight individuals and two entities for their involvement in laundering funds from illicit North Korean activities, including cybercrime and fraudulent information technology (IT) work. These actions are intended to disrupt the flow of revenue that supports the Democratic People’s Republic of Korea’s (DPRK) weapons programs.
“North Korean state-sponsored hackers steal and launder money to fund the regime’s nuclear weapons program,” said Under Secretary of the Treasury for Terrorism and Financial Intelligence John K. Hurley. “By generating revenue for Pyongyang’s weapons development, these actors directly threaten U.S. and global security. Treasury will continue to pursue the facilitators and enablers behind these schemes to cut off the DPRK’s illicit revenue streams.”
A recent Multilateral Sanctions Monitoring Team report outlined how North Korea uses cyber operations and IT workers abroad to evade United Nations sanctions, generate funds for its weapons programs, and damage physical computer equipment.
North Korea relies on a network that conducts high-level espionage, disruptive cyberattacks, and large-scale financial theft—primarily in cryptocurrency—amounting to over $3 billion stolen in three years through advanced malware and social engineering techniques. Many DPRK IT workers operate globally under false or stolen identities to secure freelance contracts online; some collaborate with foreign programmers to split profits from these projects.
Among those sanctioned are Jang Kuk Chol (Jang) and Ho Jong Son, identified as North Korean bankers who managed at least $5.3 million in cryptocurrency linked partly to ransomware targeting U.S. victims and revenue from DPRK IT workers. Both were designated under several executive orders related to supporting or enabling cyber-enabled activity benefitting North Korea's government or ruling party.
The OFAC also updated its designation for First Credit Bank, highlighting its cryptocurrency-related activities.
The Korea Mangyongdae Computer Technology Company (KMCTC), an IT firm based in North Korea with operations extending into China, was sanctioned for using Chinese nationals as banking proxies to obscure the source of illicit revenues generated by DPRK IT workers. KMCTC president U Yong Su was also designated due to his leadership role at the company.
Additionally, Ryujong Credit Bank—a financial institution operating out of North Korea—was sanctioned for facilitating financial transactions aimed at avoiding sanctions between China and North Korea, which included money laundering activities related to overseas laborers.
Other individuals targeted include Ho Yong Chol, Han Hong Gil (Han), Jong Sung Hyok (Jong), Choe Chun Pom (Choe), and Ri Jin Hyok (Ri). These representatives are based in China or Russia and have been involved in transferring millions of dollars on behalf of various North Korean banks already subject to previous U.S. sanctions.
According to OFAC, these networks help North Korea access international markets despite restrictions by using front companies located domestically as well as internationally—including in China and Russia—to facilitate financial crimes such as fraudulent IT work or digital asset heists.
In response, all property belonging to those designated that falls within U.S. jurisdiction is now blocked; Americans are generally prohibited from conducting transactions involving such property unless authorized by OFAC licenses or exemptions. Entities owned 50 percent or more by blocked persons are also affected by these measures.
Financial institutions engaging with sanctioned parties may face further penalties or enforcement actions if found violating OFAC regulations—which prohibit providing funds or services benefiting any person listed under these designations.
OFAC emphasizes that its sanctioning process aims not only at punishing violators but encouraging changes in behavior among those designated; there is a legal process available for seeking removal from relevant lists upon demonstrating compliance.
