top of page
Search

'U.S. Imposes Sanctions on North Korean Entities for Cryptocurrency Laundering and IT Fraud'

  • Nov 5, 2025
  • 2 min read

Background


  • The U.S. Treasury Department on Tuesday imposed sanctions against eight individuals and two entities within North Korea's global financial network.

  • The sanctions are for laundering money for various illicit schemes, including cybercrime and information technology (IT) worker fraud.

  • The Treasury stated that "North Korean state-sponsored hackers steal and launder money to fund the regime's nuclear weapons program."


Sanctioned Individuals and Entities


  • Jang Kuk Chol (Jang) and Ho Jong Son, who are said to have helped manage funds, including $5.3 million in cryptocurrency, on behalf of First Credit Bank (aka Cheil Credit Bank).

  • Korea Mangyongdae Computer Technology Company (KMCTC), an IT company based in North Korea that has dispatched IT worker delegations to China and used Chinese nationals as banking proxies.

  • U Yong Su, the current president of KMCTC.

  • Ryujong Credit Bank, which has provided financial assistance in sanctions avoidance activities between China and North Korea.

  • Ho Yong Chol, Han Hong Gil, Jong Sung Hyok, Choe Chun Pom, and Ri Jin Hyok, who are representatives of North Korean financial institutions in Russia and China and are said to have facilitated transactions worth millions of dollars on behalf of the sanctioned banks.


Cryptocurrency Laundering and IT Worker Fraud


  • A portion of $5.3 million has been linked to a North Korean ransomware actor known to have targeted U.S. victims in the past.

  • The funds were also generated as part of the fraudulent employment scheme involving North Korean IT workers dispatched to China.

  • The Treasury accused the regime of leveraging its IT army located across the world to gain employment at companies by obfuscating their nationality and identities, and funneling back a huge chunk of their income back to the DPRK.

  • According to TRM Labs, the cryptocurrency wallet addresses linked to First Credit Bank show "consistent inbound flows resembling salary payments" and that "these flows likely represent income from IT workers employed abroad under false identities."

  • In total, the wallets controlled by the bank are said to have received more than $12.7 million between June 2023 and May 2025, indicating sustained activity spanning over two years.


Impact and Significance


  • The Treasury stated that these individuals and entities form a central component of Pyongyang's sanctions-evasion architecture, enabling the regime to move millions of dollars through both traditional and digital channels to fund weapons programs and cyber operations.

  • The sanctions are part of the U.S. government's ongoing efforts to disrupt North Korea's illicit revenue streams and disrupt the regime's ability to finance its nuclear and cyber weapons programs.


Sources


  • https://thehackernews.com/2025/11/us-sanctions-10-north-korean-entities.html

  • https://securityaffairs.com/184249/laws-and-regulations/u-s-sanctioned-north-korea-bankers-for-laundering-funds-linked-to-cyberattacks-and-peapons-program.html

  • https://www.facebook.com/cybersna/posts/the-us-treasury-sanctions-10-north-korean-entities-for-laundering-127m-in-crypto/1146359064360866/

  • https://www.reddit.com/r/CryptoCurrency/comments/1op17in/us_sanctions_10_north_korean_entities_for/

Recent Posts

See All
Defeating AI with AI

Key Findings Generative AI and agentic AI are increasingly used by threat actors to conduct faster and more targeted attacks. One capability that AI improves for threat actors is the ability to profil

 
 
 

Comments

  • Youtube

© 2025 by Explain IT Again. Powered and secured by Wix

bottom of page