Treasury sanctions 8 for laundering North Korea earnings from cybercrime, IT worker scheme

Eight people and two companies face U.S. sanctions for their role in laundering money earned for the government of North Korea through cybercrime and a long-running IT worker fraud scheme. 

The Treasury Department’s Office of Foreign Assets Control (OFAC) targeted IT company Korea Mangyongdae Computer Technology Company (KMCTC) and financial institution Ryujong Credit Bank with sanctions — accusing the North Korean businesses of being key cogs in Pyongyang’s effort to evade sanctions and bring home earnings from criminal activity. 

KMCTC runs the IT worker operation in the Chinese cities of Shenyang and Dandong, the Treasury said. The company helps the IT workers use Chinese nationals as proxies to obtain their earnings and launder them back to North Korea. U Yong Su, one of the men sanctioned, is currently president of KMCTC. 

Ryujong Credit Bank helps launder the money earned by IT workers and other North Koreans working overseas, the Treasury said. 

“North Korean state-sponsored hackers steal and launder money to fund the regime’s nuclear weapons program,” said John Hurley, the Treasury undersecretary for terrorism and financial intelligence. “By generating revenue for Pyongyang’s weapons development, these actors directly threaten U.S. and global security.”

Seven other men — Jang Kuk Chol, Ho Jong Son, Ho Yong Chol, Han Hong Gil, Jong Sung Hyok, Choe Chun Pom and Ri Jin Hyok — were also sanctioned for their role as employees of sanctioned companies or facilitators in the wider money laundering scheme. 

According to the Treasury Department, Jang Kuk Chol and Ho Jong Son are bankers tied to the previously sanctioned First Credit Bank. The North Koreans helped manage about $5.3 million in cryptocurrency, a portion of which was linked back to a ransomware attack on a U.S. organization. 

The department said some of the money also came from IT worker schemes — in which North Koreans use fake or stolen identities to illicitly obtain employment in high-paying roles at U.S. companies. 

The five other men serve as North Korean representatives in Russia and China who help facilitate the laundering of millions of dollars in earnings from a variety of schemes, the Treasury said. The department listed the following accusations:

• Ho Yong Chol helped change $2.5 million from U.S. dollars into Chinese yuan on behalf of sanctioned financial entity Korea Daesong Bank while also managing a multitude of transactions worth more than $85 million on behalf of other North Korean government entities. 
• Han Hong Gil laundered about $630,000 through another sanctioned bank. 
• Jong Sung Hyok serves as a North Korean financial representative in Vladivostok, Russia. 
• Choe Chun Pom managed transactions totaling $200,000 and coordinated for Russian officials who recently visited Pyongyang. 
• Ri Jin Hyok laundered more than $350,000 into Chinese currency on behalf of a sanctioned bank. 

The Treasury noted that the U.S. government recently released a report alongside several other countries about the myriad ways North Korea has been able to evade sanctions to help fund its government and specifically its weapons program. 

“[North Korean] cyber actors are responsible for conducting high-level cyber-enabled espionage, disruptive cyberattacks, and financial theft at a scale unmatched by any other country,” the department explained.  

“Over the past three years, North Korea-affiliated cybercriminals have stolen over $3 billion, primarily in cryptocurrency, often using sophisticated techniques such as advanced malware and social engineering.”

Officials added that the IT worker scheme brings in “hundreds of millions of dollars per year." The new sanctions, according to the Treasury Department, are part of an effort to target the vast network of representatives and financial institutions that facilitate the transfer of stolen funds and illicit revenue from international markets to North Korea.