
The U.S. Treasury Department on Tuesday imposed sanctions on eight individuals and two entities within North Korea’s global financial network for laundering money for a variety of illegal schemes, including cybercrime and information technology (IT) worker fraud.
“North Korea’s state-sponsored hackers are stealing and laundering funds to fund the regime’s nuclear weapons program,” said John K. Hawley, the Treasury undersecretary for terrorism and financial intelligence.
“These actors directly threaten U.S. and global security by generating revenue for North Korea’s weapons development. Treasury will continue to pursue the facilitators and enablers behind these plans to cut off North Korea’s illicit revenue sources.”

The names of the sanctioned individuals and entities are listed below.
Jang Guk-chul (Jang) and Heo Jeong-seon are said to have helped manage funds, including $5.3 million in cryptocurrencies, on behalf of Cheil Credit Bank (also known as Cheil Bank), which was sanctioned in September 2017 for promoting North Korea’s missile program.
Korea Mangyongdae Computer Technology Company (KMCTC), an IT company based in North Korea, is sending a delegation of two IT personnel to the Chinese city.
Woo Yong-soo, a financial institution in Shenyang and Dandong that has used Chinese nationals as banking agents to hide the origin of funds generated as part of a fraudulent employment scheme, and Yujong Credit Bank, the current president of the Korea Private Sector Commission, which has sponsored sanctions evasion activities between China and North Korea.
Representatives of North Korean financial institutions in Russia and China who allegedly facilitated millions of dollars worth of transactions on behalf of sanctioned banks, including Heo Yong-cheol, Han Hong-gil, Jeong Sung-hyuk, Choi Chun-beom, and Ri Jin-hyuk.
Some of the $5.3 million is said to be connected to a North Korean ransomware attacker known for having targeted American victims in the past and for processing proceeds from IT workers’ work.
The Treasury Department said North Korean cybercriminals orchestrate espionage, destructive attacks and financial theft on a scale “unparalleled” in any other country, and said that over the past three years, North Korea-linked cybercriminals have used sophisticated malware and social engineering to steal more than $3 billion, mostly in digital assets.
The Treasury also accused the North Korean government of using its IT armies deployed around the world to obtain jobs at companies by obfuscating their nationality and identity, and of funneling vast sums of their income to the Democratic People’s Republic of Korea (North Korea).

“In some cases, North Korean IT workers collaborate with other foreign freelance programmers to establish business partnerships,” the paper added. “They collaborate with non-North Korean freelance workers on projects that were originally entrusted to them and share the profits.”
According to TRM Labs, crypto wallet addresses linked to First Credit Bank show “consistent inbound flows resembling payroll payments” and “these flows likely represent income from IT workers employed overseas under false identities.”
A total of more than $12.7 million was reportedly deposited into wallets managed by the bank between June 2023 and May 2025, indicating continuous activity over two years.
“Together, these individuals and entities form a core component of Pyongyang’s sanctions evasion architecture, which allows the regime to move millions of dollars through both traditional and digital channels, including cryptocurrencies, to fund weapons programs and cyber operations,” the blockchain intelligence firm said.
