CyberHappenings logo
Home Browse About

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

US sanctions North Korean entities and individuals for cybercrime and IT worker fraud

First reported
Last updated
2 unique sources, 2 articles

Summary

Hide ▲

The U.S. Treasury Department has imposed sanctions on ten North Korean individuals and entities involved in laundering $12.7 million in cryptocurrency and IT worker fraud. The sanctions target Ryujong Credit Bank and Korea Mangyongdae Computer Technology Company (KMCTC), along with their respective executives and financial representatives. The move aims to disrupt North Korea's ability to fund its weapons programs and other illicit activities through cybercrime and financial fraud. The Treasury Department has identified $12.7 million in transactions linked to North Korean financial institutions over the past two years. North Korean IT workers have been using foreign freelance programmers to establish business partnerships and split revenue. The Treasury Department has accused North Korea of leveraging its IT army to gain employment at companies by obfuscating their nationality and identities, funneling income back to the DPRK.

Timeline

  1. 05.11.2025 12:34 2 articles · 5d ago

    US sanctions North Korean entities and individuals for cybercrime and IT worker fraud

    The U.S. Treasury Department imposed sanctions on ten North Korean individuals and entities involved in laundering $12.7 million in cryptocurrency and IT worker fraud. The sanctions target Ryujong Credit Bank and Korea Mangyongdae Computer Technology Company (KMCTC), along with their respective executives and financial representatives. The move aims to disrupt North Korea's ability to fund its weapons programs and other illicit activities through cybercrime and financial fraud. The Treasury Department has identified $12.7 million in transactions linked to North Korean financial institutions over the past two years. North Korean IT workers have been using foreign freelance programmers to establish business partnerships and split revenue. The Treasury Department has accused North Korea of leveraging its IT army to gain employment at companies by obfuscating their nationality and identities, funneling income back to the DPRK.

    Show sources
    Open in new tab

Information Snippets

Similar Happenings

ChatGPT Misuse by Nation-State Actors for Malware Development and Influence Operations

OpenAI has disrupted three activity clusters misusing its ChatGPT AI tool for cyberattacks. These clusters include Russian, North Korean, and Chinese threat actors who used ChatGPT to develop malware, conduct phishing campaigns, and engage in influence operations. The Russian threat actor developed a remote access trojan (RAT) and credential stealer, while the North Korean group created malware and command-and-control (C2) infrastructure. The Chinese group, UNK_DropPitch, generated phishing content and tooling for routine tasks. Additionally, OpenAI blocked accounts used for scams, influence operations, and surveillance, including networks from Cambodia, Myanmar, Nigeria, and individuals linked to Chinese government entities.

Open in new tab

North Korean Hackers Steal $2 Billion in Cryptocurrency in 2025

North Korean hackers have stolen approximately $2 billion in cryptocurrency in 2025, the highest annual total recorded. This theft is part of a broader campaign to fund nuclear weapons development. The largest single heist was the Bybit hack in February, which accounted for $1.46 billion. The tactics used by these hackers have evolved to include more sophisticated laundering techniques and a shift towards targeting individuals and exchange employees through social engineering. The 2025 total so far is triple last year’s figure and beats 2022’s record of $1.35bn, which came on the back of attacks against Ronin Network and Harmony Bridge. The total amount stolen by North Korean hackers since 2017 exceeds $6 billion. Other notable breaches include LND.fi, WOO X, Seedify, and BitoPro. The Lazarus Group stole an estimated $11 million from BitoPro. The actual stolen amount may be higher due to difficulties in attribution and unreported incidents.

Open in new tab

North Korean State Actors Exploit Fake Employee Schemes to Infiltrate Companies

North Korean state actors have been using fake or stolen identities to secure IT jobs in various companies, particularly in the blockchain and technology sectors. These actors have stolen virtual currency and funneled money to North Korea's weapons program. The practice has escalated with the rise of remote work and AI, enabling fraudsters to impersonate employees and gain privileged access to company networks. Thousands of North Korean IT workers have infiltrated the job market over the past two years, exploiting vulnerabilities in hiring processes and remote work environments. Over 320 cases of North Korean operatives infiltrating companies by posing as remote IT workers were identified in August 2025. The Justice Department has shut down several laptop farms used by these actors, but the problem persists, with security experts warning of significant security risks and financial losses for affected companies. The U.S. Treasury's Office of Foreign Assets Control (OFAC) has recently sanctioned two individuals and two entities for their role in these schemes, identifying financial transfers worth nearly $600,000 and over $1 million in profits generated since 2021. Japan, South Korea, and the United States are collaborating to combat North Korean IT worker schemes. The three countries held a joint forum on August 26, 2025, in Tokyo to improve collaboration, with both Japan and South Korea issuing updated advisories on the threat. The United States sanctioned four entities for their roles in the IT worker fraud schemes, accusing them of working to help the Democratic People's Republic of Korea (DPRK) to generate revenue.

Open in new tab