OFAC sanctions DPRK IT worker scheme network
Regulatory/Legal Action
Summary
Hide ▲
Show ▼
OFAC sanctioned Ryujong Credit Bank, KMCTC, and eight individuals tied to North Korean cryptocurrency laundering and fraudulent IT worker schemes. The U.S. Treasury Department said the network used sanctions-evasion and money laundering channels between North Korea and China, while also supporting IT worker operations in China and fund movements linked to ransomware attacks targeting U.S. victims. Officials said North Korea-affiliated cybercriminals have stolen over $3 billion over the past three years, and the sanctions block property under U.S. jurisdiction while raising secondary sanctions risk for counterparties.
Related Happenings
U.S. Treasury sanctions Kok An scam network
Regulatory/Legal Action
First: 04.05.2026 08:59
Last: 04.05.2026 08:59
Sources 1
About this happening:
The **U.S. Treasury Department** sanctioned **Cambodian Senator Kok An** and affiliates tied to **cyber scam compounds**, escalating financial and legal pressure on a network accu...
U.S. Treasury sanctions Kok An scam network
Regulatory/Legal ActionAbout this happening: The **U.S. Treasury Department** sanctioned **Cambodian Senator Kok An** and affiliates tied to **cyber scam compounds**, escalating financial and legal pressure on a network accu...
Xu Zewei extradited for U.S. cyberespionage prosecution
Law Enforcement
First: 27.04.2026 22:56
Last: 27.04.2026 22:56
Sources 1
About this happening:
**Xu Zewei** was **extradited from Italy to the United States** to face criminal charges in a **cyberespionage** case tied to **China's MSS**. The move expands the legal exposure...
Xu Zewei extradited for U.S. cyberespionage prosecution
Law EnforcementAbout this happening: **Xu Zewei** was **extradited from Italy to the United States** to face criminal charges in a **cyberespionage** case tied to **China's MSS**. The move expands the legal exposure...
DoJ/FBI/USSS crypto-fraud domain seizure and charges
Law Enforcement
First: 27.04.2026 18:00
Last: 27.04.2026 18:00
Sources 1
About this happening:
**DoJ**, **FBI**, and **US Secret Service** investigators **seized 503 domains** linked to **fraudulent crypto platforms**, disrupting infrastructure used in a Cambodia-based scam...
DoJ/FBI/USSS crypto-fraud domain seizure and charges
Law EnforcementAbout this happening: **DoJ**, **FBI**, and **US Secret Service** investigators **seized 503 domains** linked to **fraudulent crypto platforms**, disrupting infrastructure used in a Cambodia-based scam...
OFAC sanctions Cambodian crypto-fraud network
Regulatory/Legal Action
First: 27.04.2026 18:00
Last: 27.04.2026 18:00
Sources 1
About this happening:
US sanctions now target **Senator Kok An** and **29 individuals and organizations** tied to alleged **crypto-fraud**, blocking **US-based assets** and restricting transactions wit...
OFAC sanctions Cambodian crypto-fraud network
Regulatory/Legal ActionAbout this happening: US sanctions now target **Senator Kok An** and **29 individuals and organizations** tied to alleged **crypto-fraud**, blocking **US-based assets** and restricting transactions wit...
US Scam Center Strike Force indictments and domain seizures against scam centers
Law Enforcement
First: 24.04.2026 19:48
Last: 24.04.2026 19:48
Sources 1
About this happening:
US authorities **indicted** two people and **seized** scam infrastructure in a **financial-fraud** case targeting Southeast Asian scam centers, disrupting operations used to scam...
US Scam Center Strike Force indictments and domain seizures against scam centers
Law EnforcementAbout this happening: US authorities **indicted** two people and **seized** scam infrastructure in a **financial-fraud** case targeting Southeast Asian scam centers, disrupting operations used to scam...
Timeline
-
18.03.2026 19:26 1 articles · 2mo ago
Remote worker hired for Salesforce data role in DPRK IT worker scheme
Exploitation ObservedAn IT worker was hired on August 15, 2025 as a remote employee to work on Salesforce data for an affected organization after replying to a help wanted ad, establishing access for a fraudulent employment effort tied to the DPRK IT worker scheme.
Show sources
- OFAC Sanctions DPRK IT Worker Network Funding WMD Programs Through Fake Remote Jobs — thehackernews.com — 18.03.2026 19:26
-
18.03.2026 19:26 1 articles · 2mo ago
Remote worker terminated after consistent logins from China
Detection Ioc UpdateThe same remote employee was terminated on August 25, 2025 after indicators showed consistent logins from China, exposing suspicious access activity at the affected organization.
Show sources
- OFAC Sanctions DPRK IT Worker Network Funding WMD Programs Through Fake Remote Jobs — thehackernews.com — 18.03.2026 19:26
-
18.03.2026 19:26 4 articles · 2mo ago
OFAC sanctions DPRK IT worker network
Legal Policy Action UpdateOn March 18, 2026, OFAC sanctioned six individuals and two entities tied to the DPRK IT worker scheme, which used bogus documentation, stolen identities, fabricated personas, malware, and extortion to defraud U.S. businesses and generate illicit revenue for North Korea's WMD programs.
Show sources
- OFAC Sanctions DPRK IT Worker Network Funding WMD Programs Through Fake Remote Jobs — thehackernews.com — 18.03.2026 19:26
- OFAC Sanctions DPRK IT Worker Network Funding WMD Programs Through Fake Remote Jobs — thehackernews.com — 18.03.2026 19:26
- U.S. Treasury Sanctions DPRK IT-Worker Scheme, Exposing $600K Crypto Transfers and $1M+ Profits — thehackernews.com — 28.08.2025 11:53
- US sanctions North Korean bankers linked to cybercrime, IT worker fraud — www.bleepingcomputer.com — 05.11.2025 12:34