Find notable cyber news and cases, enriched with sources, timelines, and signals.

OFAC sanctions DPRK IT worker scheme network

Regulatory/Legal Action
First reported
Last updated
Happening score
H score 32
2 unique sources, 3 articles

Summary

Hide ▲

OFAC sanctioned Ryujong Credit Bank, KMCTC, and eight individuals tied to North Korean cryptocurrency laundering and fraudulent IT worker schemes. The U.S. Treasury Department said the network used sanctions-evasion and money laundering channels between North Korea and China, while also supporting IT worker operations in China and fund movements linked to ransomware attacks targeting U.S. victims. Officials said North Korea-affiliated cybercriminals have stolen over $3 billion over the past three years, and the sanctions block property under U.S. jurisdiction while raising secondary sanctions risk for counterparties.

Related Happenings

Treasury sanctions Prince Group-linked entities and FinCEN designates H-Pay Service

Regulatory/Legal Action
H score17 First: 24.06.2026 11:55 Last: 24.06.2026 11:55 Sources 1

About this happening: The **U.S. Treasury** imposed fresh sanctions on **nine individuals** and **26 entities** linked to **Prince Group**, while **FinCEN** designated **H-Pay Service PLC** as a **prim...

North Korea-aligned developer-targeting operations shift from fake interviews to recruitment phishing at scale

Threat Actor Meta
H score31 First: 15.06.2026 22:32 Last: 15.06.2026 22:32 Sources 1

About this happening: North Korea-aligned developer-targeting operations are shifting from **fake interviews** to **recruitment-themed phishing** at scale, increasing the risk of industrialized **crede...

OFAC sanctions Nobitex and designates executives

Regulatory/Legal Action
H score21 First: 03.06.2026 23:31 Last: 03.06.2026 23:31 Sources 1

About this happening: **OFAC sanctioned Nobitex** and designated **its executives and founders**, freezing covered U.S.-jurisdiction assets and blocking U.S. business with the exchange and its leaders....

U.S. Treasury sanctions Kok An scam network

Regulatory/Legal Action
H score40 First: 04.05.2026 08:59 Last: 04.05.2026 08:59 Sources 1

About this happening: The **U.S. Treasury Department** sanctioned **Cambodian Senator Kok An** and affiliates tied to **cyber scam compounds**, escalating financial and legal pressure on a network accu...

Xu Zewei extradited for U.S. cyberespionage prosecution

Law Enforcement
H score57 First: 27.04.2026 22:56 Last: 27.04.2026 22:56 Sources 1

About this happening: **Xu Zewei** was **extradited from Italy to the United States** to face criminal charges in a **cyberespionage** case tied to **China's MSS**. The move expands the legal exposure...

Timeline

  1. 18.03.2026 19:26 1 articles · 3mo ago

    Remote worker hired for Salesforce data role in DPRK IT worker scheme

    Exploitation Observed

    An IT worker was hired on August 15, 2025 as a remote employee to work on Salesforce data for an affected organization after replying to a help wanted ad, establishing access for a fraudulent employment effort tied to the DPRK IT worker scheme.

    Show sources
  2. 18.03.2026 19:26 4 articles · 3mo ago

    OFAC sanctions DPRK IT worker network

    Legal Policy Action Update

    On March 18, 2026, OFAC sanctioned six individuals and two entities tied to the DPRK IT worker scheme, which used bogus documentation, stolen identities, fabricated personas, malware, and extortion to defraud U.S. businesses and generate illicit revenue for North Korea's WMD programs.

    Show sources