OFAC sanctions DPRK IT worker scheme network
Regulatory/Legal Action
Summary
Hide ▲
Show ▼
OFAC sanctioned Ryujong Credit Bank, KMCTC, and eight individuals tied to North Korean cryptocurrency laundering and fraudulent IT worker schemes. The U.S. Treasury Department said the network used sanctions-evasion and money laundering channels between North Korea and China, while also supporting IT worker operations in China and fund movements linked to ransomware attacks targeting U.S. victims. Officials said North Korea-affiliated cybercriminals have stolen over $3 billion over the past three years, and the sanctions block property under U.S. jurisdiction while raising secondary sanctions risk for counterparties.
Related Happenings
Treasury sanctions Prince Group-linked entities and FinCEN designates H-Pay Service
Regulatory/Legal Action
H score17
First: 24.06.2026 11:55
Last: 24.06.2026 11:55
Sources 1
About this happening:
The **U.S. Treasury** imposed fresh sanctions on **nine individuals** and **26 entities** linked to **Prince Group**, while **FinCEN** designated **H-Pay Service PLC** as a **prim...
Treasury sanctions Prince Group-linked entities and FinCEN designates H-Pay Service
Regulatory/Legal ActionAbout this happening: The **U.S. Treasury** imposed fresh sanctions on **nine individuals** and **26 entities** linked to **Prince Group**, while **FinCEN** designated **H-Pay Service PLC** as a **prim...
North Korea-aligned developer-targeting operations shift from fake interviews to recruitment phishing at scale
Threat Actor Meta
H score31
First: 15.06.2026 22:32
Last: 15.06.2026 22:32
Sources 1
About this happening:
North Korea-aligned developer-targeting operations are shifting from **fake interviews** to **recruitment-themed phishing** at scale, increasing the risk of industrialized **crede...
North Korea-aligned developer-targeting operations shift from fake interviews to recruitment phishing at scale
Threat Actor MetaAbout this happening: North Korea-aligned developer-targeting operations are shifting from **fake interviews** to **recruitment-themed phishing** at scale, increasing the risk of industrialized **crede...
OFAC sanctions Nobitex and designates executives
Regulatory/Legal Action
H score21
First: 03.06.2026 23:31
Last: 03.06.2026 23:31
Sources 1
About this happening:
**OFAC sanctioned Nobitex** and designated **its executives and founders**, freezing covered U.S.-jurisdiction assets and blocking U.S. business with the exchange and its leaders....
OFAC sanctions Nobitex and designates executives
Regulatory/Legal ActionAbout this happening: **OFAC sanctioned Nobitex** and designated **its executives and founders**, freezing covered U.S.-jurisdiction assets and blocking U.S. business with the exchange and its leaders....
U.S. Treasury sanctions Kok An scam network
Regulatory/Legal Action
H score40
First: 04.05.2026 08:59
Last: 04.05.2026 08:59
Sources 1
About this happening:
The **U.S. Treasury Department** sanctioned **Cambodian Senator Kok An** and affiliates tied to **cyber scam compounds**, escalating financial and legal pressure on a network accu...
U.S. Treasury sanctions Kok An scam network
Regulatory/Legal ActionAbout this happening: The **U.S. Treasury Department** sanctioned **Cambodian Senator Kok An** and affiliates tied to **cyber scam compounds**, escalating financial and legal pressure on a network accu...
Xu Zewei extradited for U.S. cyberespionage prosecution
Law Enforcement
H score57
First: 27.04.2026 22:56
Last: 27.04.2026 22:56
Sources 1
About this happening:
**Xu Zewei** was **extradited from Italy to the United States** to face criminal charges in a **cyberespionage** case tied to **China's MSS**. The move expands the legal exposure...
Xu Zewei extradited for U.S. cyberespionage prosecution
Law EnforcementAbout this happening: **Xu Zewei** was **extradited from Italy to the United States** to face criminal charges in a **cyberespionage** case tied to **China's MSS**. The move expands the legal exposure...
Timeline
-
18.03.2026 19:26 1 articles · 3mo ago
Remote worker hired for Salesforce data role in DPRK IT worker scheme
Exploitation ObservedAn IT worker was hired on August 15, 2025 as a remote employee to work on Salesforce data for an affected organization after replying to a help wanted ad, establishing access for a fraudulent employment effort tied to the DPRK IT worker scheme.
Show sources
- OFAC Sanctions DPRK IT Worker Network Funding WMD Programs Through Fake Remote Jobs — thehackernews.com — 18.03.2026 19:26
-
18.03.2026 19:26 1 articles · 3mo ago
Remote worker terminated after consistent logins from China
Detection Ioc UpdateThe same remote employee was terminated on August 25, 2025 after indicators showed consistent logins from China, exposing suspicious access activity at the affected organization.
Show sources
- OFAC Sanctions DPRK IT Worker Network Funding WMD Programs Through Fake Remote Jobs — thehackernews.com — 18.03.2026 19:26
-
18.03.2026 19:26 4 articles · 3mo ago
OFAC sanctions DPRK IT worker network
Legal Policy Action UpdateOn March 18, 2026, OFAC sanctioned six individuals and two entities tied to the DPRK IT worker scheme, which used bogus documentation, stolen identities, fabricated personas, malware, and extortion to defraud U.S. businesses and generate illicit revenue for North Korea's WMD programs.
Show sources
- OFAC Sanctions DPRK IT Worker Network Funding WMD Programs Through Fake Remote Jobs — thehackernews.com — 18.03.2026 19:26
- OFAC Sanctions DPRK IT Worker Network Funding WMD Programs Through Fake Remote Jobs — thehackernews.com — 18.03.2026 19:26
- U.S. Treasury Sanctions DPRK IT-Worker Scheme, Exposing $600K Crypto Transfers and $1M+ Profits — thehackernews.com — 28.08.2025 11:53
- US sanctions North Korean bankers linked to cybercrime, IT worker fraud — www.bleepingcomputer.com — 05.11.2025 12:34