US Sanctions North Korean Bankers Over Cybercrime and IT Fraud
▼ Summary
– The U.S. Treasury imposed sanctions on two North Korean financial institutions and eight individuals for laundering cryptocurrency stolen through cybercrime and fraudulent IT worker schemes.
– OFAC designated Ryujong Credit Bank for sanctions-evasion activities and money laundering between North Korea and China.
– Additional sanctions targeted Korea Mangyongdae Computer Technology Company and its president for operating IT workers in China, plus two bankers managing funds linked to ransomware attacks.
– North Korean cybercriminals have stolen over $3 billion in cryptocurrency over three years using advanced malware and social engineering techniques.
– The sanctions block all U.S. property of designated entities and expose transacting financial institutions to secondary sanctions or enforcement actions.
The United States has taken decisive action against North Korean financial operatives, imposing sanctions on two banks and eight individuals for their roles in laundering illicit funds obtained through cybercrime and fraudulent IT worker schemes. This move by the Treasury Department targets a network accused of processing millions in cryptocurrency stolen by state-sponsored hackers and funneling money through overseas representatives in violation of international sanctions.
At the center of the enforcement action is Ryujong Credit Bank, a North Korean financial institution identified by the Treasury’s Office of Foreign Assets Control (OFAC) for its involvement in sanctions evasion and money laundering activities between North Korea and China. Also designated were Korea Mangyongdae Computer Technology Company (KMCTC) and its president, U Yong Su, for managing IT workers stationed in China. Two bankers, Jang Kuk Chol and Ho Chong Son, were sanctioned for overseeing financial operations on behalf of the previously blacklisted First Credit Bank, including funds connected to ransomware attacks affecting American victims.
Five additional financial representatives, Ho Yong Chol, Han Hong Gil, Jong Sung Hyok, Choe Chun Pom, and Ri Jin Hyok, operating from Russia and China were named for enabling North Korea to move tens of millions of dollars through the global financial system, directly contravening United Nations sanctions. U.S. officials highlighted that North Korean cybercriminals have stolen over $3 billion in cryptocurrency in just the past three years, relying on advanced malware and social engineering tactics to carry out their operations.
OFAC emphasized that North Korea deploys IT workers globally who conceal their identities and nationalities using forged or stolen documentation. These individuals secure contracts on freelance platforms and engage in IT development work, generating hundreds of millions of dollars annually for the regime. The sanctions freeze any U.S.-based assets belonging to the designated entities and individuals, and they expose any financial institution conducting business with them to potential secondary sanctions or legal enforcement.
This latest round of sanctions follows an October report from the Multilateral Sanctions Monitoring Team, which detailed how North Korea uses cyber operations and fraudulent IT schemes to bypass international restrictions. The report warned that these activities not only threaten international security but also endanger the stability of the global digital economy. It described North Korea’s cyber capabilities as a “full-spectrum, national program” operating at a level of sophistication comparable to those of China and Russia, noting that the revenue generated supports the country’s unlawful weapons of mass destruction and ballistic missile programs.
These measures are part of an ongoing enforcement campaign. In July, OFAC charged and indicted 20 individuals and eight companies across three separate actions. Just one month later, U.S. authorities sanctioned two more individuals and two additional companies tied to North Korean IT worker fraud.
(Source: Bleeping Computer)
