Article Details

U.S. Sanctions 10 North Korean Entities for Laundering $12.7M in Crypto and IT Fraud. The U.S. Treasury Department on Tuesday imposed sanctions against eight individuals and two entities within North Korea's global financial network for laundering money for various illicit schemes, including cybercrime and information technology (IT) worker fraud. "North Korean state-sponsored hackers steal and launder money to fund the regime's nuclear weapons program," said Under Secretary of the Treasury for Terrorism and Financial Intelligence John K. Hurley. "By generating revenue for Pyongyang's weapons development, these actors directly threaten U.S. and global security. The Treasury will continue to pursue the facilitators and enablers behind these schemes to cut off the DPRK's illicit revenue streams." The names of sanctioned individuals and entities are listed below - A portion of $5.3 million has been linked to a North Korean ransomware actor known to have targeted U.S. victims in the past and handled revenue from IT worker operations. Describing North Korean cyber actors as orchestrating espionage, disruptive attacks, and financial theft at a scale "unmatched" by any other country, the Treasury said the Pyongyang-affiliated cybercriminals have stolen over $3 billion, mostly in digital assets, over the past three years using sophisticated malware and social engineering. The department also accused the regime of leveraging its IT army located across the world to gain employment at companies by obfuscating their nationality and identities, and funneling back a huge chunk of their income back to the Democratic People's Republic of Korea (DPRK). "In some instances, DPRK IT workers engage other foreign freelance programmers to establish business partnerships," it added. "They collaborate with these non-North Korean freelance workers on projects which were originally commissioned to those workers and split the revenue." According to TRM Labs, the cryptocurrency wallet addresses linked to First Credit Bank show "consistent inbound flows resembling salary payments" and that "these flows likely represent income from IT workers employed abroad under false identities." In all, the wallets controlled by the bank are said to have received more than $12.7 million between June 2023 and May 2025, indicating sustained activity spanning over two years. "Together, these individuals and entities form a central component of Pyongyang's sanctions-evasion architecture, enabling the regime to move millions of dollars through both traditional and digital channels, including cryptocurrency, to fund weapons programs and cyber operations," the blockchain intelligence firm said.