Treasury sanctions 8 for laundering North Korea earnings from cybercrime, IT worker scheme

Steven

Treasury sanctions 8 for laundering North Korea earnings from cybercrime, IT worker scheme

Summary

The US Treasury’s Office of Foreign Assets Control (OFAC) has sanctioned eight individuals and two North Korean firms for facilitating the laundering of funds earned through state-linked cybercrime and an extensive IT worker fraud operation. The targeted entities include Korea Mangyongdae Computer Technology Company (KMCTC), which runs the IT worker scheme in Chinese cities, and Ryujong Credit Bank, implicated in laundering earnings back to North Korea.

Named individuals include KMCTC president U Yong Su and bankers tied to previously sanctioned institutions. Treasury officials say the activity channels cryptocurrency and fiat obtained from ransomware, theft and fake/stolen-identity employment into Pyongyang’s coffers — financing its weapons programme.

Key Points

  • OFAC sanctioned KMCTC and Ryujong Credit Bank for helping launder proceeds from cybercrime and an IT worker scheme.
  • Eight North Korean men were sanctioned for roles as company employees, bankers or overseas representatives facilitating money flows.
  • Jang Kuk Chol and Ho Jong Son are bankers linked to First Credit Bank and helped manage about $5.3m in cryptocurrency, some tied to a US ransomware incident.
  • Authorities say the IT worker scheme generates “hundreds of millions of dollars per year” by using fake or stolen identities to obtain high-paying jobs abroad.
  • Individual facilitators handled significant sums: Ho Yong Chol changed $2.5m and managed transactions over $85m; Han Hong Gil laundered ~ $630k; Ri Jin Hyok moved > $350k; Choe Chun Pom handled $200k; Jong Sung Hyok operated from Vladivostok.
  • Treasury highlights that North Korea-linked cybercriminals stole over $3bn in recent years, primarily in cryptocurrency.
  • The sanctions aim to disrupt the network of representatives and banks that move illicit funds from international markets back to Pyongyang.

Why should I read this?

Short and sharp: this tells you how Pyongyang turns hacking and fake IT jobs into hard cash — and which people and banks are now officially in the crosshairs. If you work in security, banking, compliance or recruitment, it’s worth a minute to see what methods and routes are being targeted.

Context and Relevance

These actions are part of a broader, multi-country effort to choke off revenue streams that fund North Korea’s weapons programme. The sanctions underscore growing US focus on the financial plumbing behind cyber-enabled theft, illicit cryptocurrency flows and labour-export schemes. For businesses: expect enhanced scrutiny from regulators, tighter due diligence on cross-border payrolls and more aggressive action against intermediaries and front companies.

Author style

Punchy: this is a Must Read. The piece compresses a complex sanctions move into clear facts — names, roles and dollar figures — making it useful intelligence for decision-makers who need to act quickly.

Source

Source: https://therecord.media/north-korea-us-sanctions-it-worker-scams-cybercrime