The U.S. Treasury Department sanctioned eight North Korean individuals and two entities on Tuesday for laundering funds from cybercrimes and IT worker schemes that finance Pyongyang’s nuclear weapons program.
The action targets a sophisticated network of bankers and tech workers who have helped North Korea steal over $3 billion in cryptocurrency during the past three years, undermining global security while funding weapons development.
“North Korean state-sponsored hackers steal and launder money to fund the regime’s nuclear weapons program,” said Under Secretary of the Treasury for Terrorism and Financial Intelligence John K. Hurley. “By generating revenue for Pyongyang’s weapons development, these actors directly threaten U.S. and global security.”
Among those sanctioned are Jang Kuk Chol and Ho Jong Son, North Korean bankers who managed $5.3 million in cryptocurrency for First Credit Bank. The funds included proceeds from ransomware attacks on U.S. victims.
The Treasury also designated Korea Mangyongdae Computer Technology Company (KMCTC), which operates IT worker teams in Chinese cities. These workers use Chinese banking proxies to disguise the North Korean origins of their earnings.
North Korean IT workers worldwide earn hundreds of millions annually by hiding their identities on freelance platforms. They sometimes partner with foreign programmers to split project revenues.
The sanctions also hit Ryujong Credit Bank for facilitating money laundering between China and North Korea. Five other individuals were designated to represent North Korean financial institutions in China and Russia: Ho Yong Chol, Han Hong Gil, Jong Sung Hyok, Choe Chun Pom, and Ri Jin Hyo, along with U Yong Su, the current president of KMCTC.
Ho Yong Chol alone facilitated over $2.5 million in transfers for Korea Daesong Bank. He also managed transactions worth $85 million for another North Korean government group.
The sanctions freeze all U.S. assets of the designated individuals and entities. American citizens and companies are prohibited from doing business with them.
Treasury officials emphasized that sanctions aim to change behavior rather than punish those who violate them. The department maintains a process for removing entities from sanctions lists if they demonstrate compliance with the relevant requirements.
The action follows an October report by the Multilateral Sanctions Monitoring Team, which detailed North Korea’s cyber operations. The report links these schemes directly to funding weapons of mass destruction programs.