The U.S. Treasury Department on Tuesday announced sanctions targeting eight individuals and two entities it said were part of a North Korean financial network that laundered proceeds from cybercrime and fraudulent employment schemes, including payments tied to overseas IT workers and other illicit activity various illicit schemes.
The department identified the people and companies in a public action that lists the sanctioned individuals and entities, saying the network moved millions of dollars through both traditional banks and cryptocurrency channels. The designation includes Jang Kuk Chol and Ho Jong Son, who allegedly managed funds including $5.3 million in crypto on behalf of First Credit Bank (also known as Cheil Credit Bank), a bank that was previously subjected to sanctions; Korea Mangyongdae Computer Technology Company (KMCTC) and its president U Yong Su; Ryujong Credit Bank; and five representatives of North Korean financial institutions operating in Russia and China named by the Treasury.
The Treasury said a portion of the $5.3 million has been tied to a North Korean ransomware actor that has targeted U.S. victims and that Pyongyang‑affiliated cyber actors have stolen more than $3 billion, mostly in digital assets, over the past three years using sophisticated malware and social engineering.
The agency described how North Korean IT workers deployed abroad and associated entities obscured identities and used third‑party banking proxies to move income back to the DPRK. The blockchain intelligence firm referenced by the Treasury said wallet addresses linked to First Credit Bank received more than $12.7 million between June 2023 and May 2025, with inbound flows resembling salary payments consistent with the Treasury’s assessment.
The Treasury said it will continue to pursue facilitators that enable sanctions evasion to disrupt funding for weapons programs and cyber operations.