Verify a decision

{"actor":"system:backfill","investigation_id":"fabc3b8e-ff5f-4af6-856a-f4616f863b6f","kind":"publish","page_slug":"korea-mangyongdae-computer-technology-company","published_at":"2026-06-03T00:08:07.185Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Korea Mangyongdae Computer Technology Company","sections":[{"content":"On November 4, 2025, OFAC designated Korea Mangyongdae Computer Technology Company (KMCTC) on the Specially Designated Nationals (SDN) list pursuant to Executive Order 13810, which targets persons operating in the information technology industry in the DPRK. The designation was part of a broader action targeting eight individuals and two entities for laundering proceeds from North Korean cybercrime and IT worker fraud schemes. KMCTC's president, U Yong Su (date of birth June 19, 1971, based in Dandong, China), was separately designated under E.O. 13810 for being owned or controlled by, or acting on behalf of, KMCTC. The designation was also published in the Federal Register on November 17, 2025 (2025-19924). As a result of the designation, all U.S.-nexus property and interests of KMCTC and U Yong Su are blocked, and U.S. persons are generally prohibited from transacting with them. KMCTC also appears on the U.S. Trade Consolidated Screening List and U.S. SAM Procurement Exclusions list.","heading":"OFAC Designation and Regulatory Status","severity":"critical","sources":[{"credibility":1,"name":"Treasury Sanctions DPRK Bankers and Institutions Involved in Laundering Cybercrime Proceeds and IT Worker Funds — U.S. Department of the Treasury","type":"regulatory","url":"https://home.treasury.gov/news/press-releases/sb0302"},{"credibility":1,"name":"Federal Register — Notice of OFAC Sanctions Action (2025-19924)","type":"regulatory","url":"https://www.federalregister.gov/documents/2025/11/17/2025-19924/notice-of-ofac-sanctions-action"},{"credibility":1,"name":"Korea Mangyongdae Computer Technology Corporation — OpenSanctions","type":"regulatory","url":"https://www.opensanctions.org/entities/NK-PhCkg7oHMQ6Atcbbh2d4Ra/"}]},{"content":"KMCTC is headquartered in Songhung-dong, North Korea, and is reported to operate IT worker delegations from the Chinese cities of Shenyang and Dandong. According to OFAC and open-source reporting, the MAEI 607 Management Office operates KMCTC and links it to DPRK government and military-industrial structures. OpenSanctions also documents a relationship between KMCTC and the Munitions Industry Department (MID), the DPRK organ overseeing weapons production and ballistic missile R&D, and notes that KMCTC provided North Korean IT workers to Albatross Co. Ltd. The name 'Mangyongdae' references the Mangyongdae district of Pyongyang, which holds symbolic significance as the officially designated birthplace of DPRK founder Kim Il Sung. KMCTC operates under aliases including 'Korea Mangyongdae Computer Technology Corp.' and 'Mangyongdae Computer Technology.'","heading":"Organizational Structure and State Affiliations","severity":"critical","sources":[{"credibility":1,"name":"Korea Mangyongdae Computer Technology Corporation — OpenSanctions","type":"regulatory","url":"https://www.opensanctions.org/entities/NK-PhCkg7oHMQ6Atcbbh2d4Ra/"},{"credibility":2,"name":"US Treasury Sanctions DPRK Bankers and Front Companies — TRM Labs","type":"research","url":"https://www.trmlabs.com/resources/blog/us-treasury-sanctions-dprk-bankers-and-front-companies-laundering-proceeds-from-cybercrime-and-it-worker-operations"}]},{"content":"KMCTC dispatched IT worker delegations to at least two cities in China — Shenyang and Dandong — where workers operated under false or stolen identities to seek employment on international freelance platforms and with Western technology companies. North Korean IT workers operating through networks like KMCTC used platforms including LinkedIn, Upwork, GitHub, CodeSandbox, Freelancer, Medium, RemoteHub, CrowdWorks, and WorkSpace.ru. Workers employed deepfake and AI-assisted technology to pass video interviews and requested company laptops be routed to addresses controlled by facilitators. In some documented cases, DPRK IT workers engaged non-North Korean freelancers to execute project work and split revenue — further obscuring the illicit origin of funds. U.S. officials estimated DPRK IT worker schemes collectively generate hundreds of millions of dollars per year for the regime. The UN Sanctions Monitoring Team estimated the broader DPRK IT worker ecosystem generated $250–$600 million annually since 2018, with nearly $800 million generated in 2024 alone.","heading":"IT Worker Fraud Operations","severity":"critical","sources":[{"credibility":1,"name":"Treasury Sanctions DPRK Bankers and Institutions — U.S. Treasury","type":"regulatory","url":"https://home.treasury.gov/news/press-releases/sb0302"},{"credibility":2,"name":"US Sanctions 10 North Korean Entities for Laundering $12.7M in Crypto and IT Fraud — The Hacker News","type":"news_article","url":"https://thehackernews.com/2025/11/us-sanctions-10-north-korean-entities.html"},{"credibility":2,"name":"North Korean Remote Worker Scheme — Wikipedia","type":"other","url":"https://en.wikipedia.org/wiki/North_Korean_remote_worker_scheme"},{"credibility":2,"name":"OFAC Targets DPRK IT Workers Using Crypto — Chainalysis","type":"research","url":"https://www.chainalysis.com/blog/ofac-targets-north-korean-it-workers-crypto-march-2026/"}]},{"content":"KMCTC IT workers used Chinese nationals as banking proxies to obscure the origin of funds generated through fraudulent employment schemes. Proceeds were moved through layers of intermediaries — including OTC brokers, FX dealers, and nested service providers — before being converted to fiat and returned to DPRK-controlled accounts. Cheil Credit Bank (also known as First Credit Bank), a North Korea-based financial institution separately sanctioned by OFAC, received salary-like inbound flows from KMCTC-linked IT workers. On-chain analytics firms noted that Cheil Credit Bank's designated wallet addresses collectively received more than $12.7 million between June 2023 and May 2025, and that these flows showed consistent patterns resembling periodic salary payments. OFAC added 53 cryptocurrency addresses associated with Cheil Credit Bank to the SDN list on the same date as the KMCTC designation; the combined balance at designation exceeded $5.4 million, with Tether having already blacklisted 26 of those addresses prior to official designation. Funds were moved across Ethereum and Tron networks, through mainstream exchanges, DeFi protocols, and cross-chain bridges, before being converted at Chinese-language OTC services. Bankers Jang Kuk Chol and Ho Jong Son are alleged to have managed approximately $5.3 million in cryptocurrency for Cheil Credit Bank, a portion of which has been linked to a DPRK ransomware actor known to have targeted U.S. victims.","heading":"Cryptocurrency Laundering Methods and Banking Proxies","severity":"critical","sources":[{"credibility":2,"name":"OFAC Lists 53 Crypto Addresses of Sanctioned North Korean Cheil Credit Bank — Elliptic","type":"research","url":"https://www.elliptic.co/blog/ofac-lists-53-crypto-addresses-of-sanctioned-north-korean-cheil-credit-bank"},{"credibility":2,"name":"US Treasury Sanctions DPRK Bankers and Front Companies — TRM Labs","type":"research","url":"https://www.trmlabs.com/resources/blog/us-treasury-sanctions-dprk-bankers-and-front-companies-laundering-proceeds-from-cybercrime-and-it-worker-operations"},{"credibility":2,"name":"North Korea IT Workers: Inside the DPRK's Crypto Laundering Network — Chainalysis","type":"research","url":"https://www.chainalysis.com/blog/dprk-it-workers-north-korea-crypto-laundering-networks/"},{"credibility":2,"name":"OFAC Sanctions: AML Compliance with DPRK-Linked Activity — Money Laundering Watch","type":"news_article","url":"https://www.moneylaunderingnews.com/2025/11/ofac-sanctions-aml-compliance-with-dprk-linked-activity/"}]},{"content":"The November 4, 2025 OFAC action designated eight individuals alongside KMCTC and Ryujong Credit Bank. U Yong Su (DOB June 19, 1971; based in Dandong, China) serves as KMCTC's president and was designated for acting on behalf of the entity. Bankers Jang Kuk Chol and Ho Jong Son managed funds on behalf of Cheil Credit Bank, including approximately $5.3 million in cryptocurrency linked to DPRK ransomware and IT worker proceeds. Five additional financial representatives based in Russia and China were also designated: Ho Yong Chol, who allegedly facilitated over $2.5 million in USD-to-CNY conversions and managed $85 million in broader transactions; Han Hong Gil, alleged to have coordinated over $630,000 in transactions; Jong Sung Hyok, alleged to be the chief Foreign Trade Bank representative in Vladivostok; Choe Chun Pom, alleged to have facilitated over $200,000 in transactions; and Ri Jin Hyok, alleged to have processed over $350,000 across multiple currencies.","heading":"Associated Individuals Sanctioned in the Same Action","severity":"high","sources":[{"credibility":1,"name":"Treasury Sanctions DPRK Bankers and Institutions — U.S. Treasury","type":"regulatory","url":"https://home.treasury.gov/news/press-releases/sb0302"},{"credibility":2,"name":"Treasury Sanctions 8 for Laundering North Korea Earnings — The Record (Recorded Future News)","type":"news_article","url":"https://therecord.media/north-korea-us-sanctions-it-worker-scams-cybercrime"},{"credibility":2,"name":"US Sanctions North Korean Bankers Over Crypto Laundering — CoinDesk","type":"news_article","url":"https://www.coindesk.com/business/2025/11/04/u-s-sanctions-north-korean-bankers-over-crypto-laundering-tied-to-cyberattacks"}]},{"content":"U.S. and UN authorities allege that proceeds generated by KMCTC's IT worker delegations flow directly to the DPRK state, funding the regime's nuclear and ballistic missile programs. A March 2024 UN Security Council sanctions committee report estimated that malicious cyberactivities — including IT worker schemes — generate approximately 50 percent of North Korea's foreign currency income and fund approximately 40 percent of its weapons of mass destruction programs. The Treasury Department noted that DPRK cyber actors and IT workers together have stolen over $3 billion primarily in cryptocurrency over the three years preceding the November 2025 designation. North Korea-linked hackers stole approximately $2.02 billion in cryptocurrency in 2025 alone, according to research published by The Hacker News in December 2025, pushing the DPRK's all-time theft total to an estimated $6.75 billion.","heading":"Connection to DPRK Weapons Financing","severity":"critical","sources":[{"credibility":1,"name":"Treasury Sanctions DPRK Bankers and Institutions — U.S. Treasury","type":"regulatory","url":"https://home.treasury.gov/news/press-releases/sb0302"},{"credibility":2,"name":"North Korea-Linked Hackers Steal $2.02 Billion in 2025, Leading Global Crypto Theft — The Hacker News","type":"news_article","url":"https://thehackernews.com/2025/12/north-korea-linked-hackers-steal-202.html"},{"credibility":1,"name":"DPRK Violations and Evasions of UN Sanctions — State.gov","type":"regulatory","url":"https://www.state.gov/releases/office-of-the-spokesperson/2026/01/the-democratic-peoples-republic-of-koreas-violations-and-evasions-of-un-sanctions-through-cyber-and-it-worker-activities/"}]},{"content":"KMCTC operates within a well-documented and expanding DPRK IT worker ecosystem. Other entities operating comparable overseas IT worker delegations include Chinyong Information Technology Cooperation Company (sanctioned by OFAC and South Korea's MOFA in May 2023), Korea Osong Shipping Co., Chonsurim Trading Corporation (both sanctioned January 2025), and Amnokgang Technology Development Company (sanctioned March 2026). The broader network is estimated to encompass over 40,000 IT workers operating abroad under false identities. ZachXBT, an on-chain investigator, uncovered a North Korea-linked IT worker network generating approximately $1 million monthly via crypto payment flows, as reported by The Block. The U.S. Justice Department has also pursued criminal cases: two U.S. nationals were sentenced for facilitating a fraudulent remote IT worker scheme that generated $5 million in revenue for the DPRK. A coordinated nationwide DOJ enforcement action was announced targeting similar schemes. The scheme's infrastructure relies on 'laptop farms' — physical locations where facilitators route company laptops on behalf of DPRK workers to maintain the appearance of domestic employment.","heading":"Broader DPRK IT Worker Ecosystem","severity":"high","sources":[{"credibility":2,"name":"ZachXBT Uncovers North Korea-Linked IT Worker Network Generating $1M Monthly — The Block","type":"research","url":"https://www.theblock.co/post/396847/zachxbt-uncovers-north-korea-linked-it-worker-network-generating-1m-monthly-via-crypto-payment-flows"},{"credibility":1,"name":"Two U.S. Nationals Sentenced for Facilitating Fraudulent Remote IT Worker Scheme — DOJ","type":"court_filing","url":"https://www.justice.gov/opa/pr/two-us-nationals-sentenced-facilitating-fraudulent-remote-information-technology-worker"},{"credibility":1,"name":"Justice Department Announces Coordinated, Nationwide Actions to Combat North Korean Remote IT Workers — DOJ","type":"regulatory","url":"https://www.justice.gov/opa/pr/justice-department-announces-coordinated-nationwide-actions-combat-north-korean-remote"},{"credibility":2,"name":"OFAC Targets DPRK IT Workers Using Crypto (March 2026) — Chainalysis","type":"research","url":"https://www.chainalysis.com/blog/ofac-targets-north-korean-it-workers-crypto-march-2026/"}]},{"content":"All U.S. persons and entities are prohibited from transacting with KMCTC, U Yong Su, and any property in which they hold an interest, without specific OFAC authorization. Third-party financial institutions, cryptocurrency exchanges, and technology platforms risk secondary sanctions exposure for knowingly facilitating transactions involving KMCTC or its network. AML compliance practitioners have flagged several red flags associated with KMCTC-linked IT worker activity: the use of freelance hiring platforms with suspicious identity characteristics; requests to route company laptops to third-party addresses; IP addresses inconsistent with claimed work locations; salary payments made in stablecoins (particularly USDT on Tron); and the use of Chinese-language OTC desks and nested exchange services for fund off-ramping. Tether's blacklisting of 26 Cheil Credit Bank addresses prior to OFAC's formal action demonstrates how blockchain analytics and stablecoin issuers can act as an early-warning layer within the compliance stack.","heading":"Compliance and Counterparty Risk","severity":"high","sources":[{"credibility":2,"name":"OFAC Sanctions: AML Compliance with DPRK-Linked Activity — Money Laundering Watch","type":"news_article","url":"https://www.moneylaunderingnews.com/2025/11/ofac-sanctions-aml-compliance-with-dprk-linked-activity/"},{"credibility":2,"name":"OFAC Lists 53 Crypto Addresses of Sanctioned North Korean Cheil Credit Bank — Elliptic","type":"research","url":"https://www.elliptic.co/blog/ofac-lists-53-crypto-addresses-of-sanctioned-north-korean-cheil-credit-bank"},{"credibility":2,"name":"OFAC Sanctions: AML Compliance with DPRK-Linked Activity — Mondaq","type":"news_article","url":"https://www.mondaq.com/unitedstates/money-laundering/1709956/ofac-sanctions-aml-compliance-with-dprk-linked-activity"}]}],"sources_used":[{"credibility":1,"name":"Treasury Sanctions DPRK Bankers and Institutions Involved in Laundering Cybercrime Proceeds and IT Worker Funds — U.S. Department of the Treasury","type":"regulatory","url":"https://home.treasury.gov/news/press-releases/sb0302"},{"credibility":1,"name":"Federal Register — Notice of OFAC Sanctions Action (2025-19924)","type":"regulatory","url":"https://www.federalregister.gov/documents/2025/11/17/2025-19924/notice-of-ofac-sanctions-action"},{"credibility":1,"name":"Korea Mangyongdae Computer Technology Corporation — OpenSanctions","type":"regulatory","url":"https://www.opensanctions.org/entities/NK-PhCkg7oHMQ6Atcbbh2d4Ra/"},{"credibility":1,"name":"Disrupting Illicit DPRK Bankers and Institutions Laundering Cybercrime and IT Worker Funds — U.S. Department of State","type":"regulatory","url":"https://www.state.gov/releases/office-of-the-spokesperson/2025/11/disrupting-illicit-dprk-bankers-and-institutions-laundering-cybercrime-and-it-worker-funds"},{"credibility":1,"name":"DPRK Violations and Evasions of UN Sanctions Through Cyber and IT Worker Activities — U.S. Department of State (January 2026)","type":"regulatory","url":"https://www.state.gov/releases/office-of-the-spokesperson/2026/01/the-democratic-peoples-republic-of-koreas-violations-and-evasions-of-un-sanctions-through-cyber-and-it-worker-activities/"},{"credibility":1,"name":"Two U.S. Nationals Sentenced for Facilitating Fraudulent Remote IT Worker Scheme — U.S. DOJ","type":"court_filing","url":"https://www.justice.gov/opa/pr/two-us-nationals-sentenced-facilitating-fraudulent-remote-information-technology-worker"},{"credibility":1,"name":"Justice Department Announces Coordinated, Nationwide Actions to Combat North Korean Remote IT Workers — U.S. DOJ","type":"regulatory","url":"https://www.justice.gov/opa/pr/justice-department-announces-coordinated-nationwide-actions-combat-north-korean-remote"},{"credibility":2,"name":"US Treasury Sanctions DPRK Bankers and Front Companies Laundering Proceeds from Cybercrime and IT Worker Operations — TRM Labs","type":"research","url":"https://www.trmlabs.com/resources/blog/us-treasury-sanctions-dprk-bankers-and-front-companies-laundering-proceeds-from-cybercrime-and-it-worker-operations"},{"credibility":2,"name":"OFAC Lists 53 Crypto Addresses of Sanctioned North Korean Cheil Credit Bank — Elliptic","type":"research","url":"https://www.elliptic.co/blog/ofac-lists-53-crypto-addresses-of-sanctioned-north-korean-cheil-credit-bank"},{"credibility":2,"name":"North Korea IT Workers: Inside the DPRK's Crypto Laundering Network — Chainalysis","type":"research","url":"https://www.chainalysis.com/blog/dprk-it-workers-north-korea-crypto-laundering-networks/"},{"credibility":2,"name":"OFAC Targets DPRK IT Workers Using Crypto (March 2026) — Chainalysis","type":"research","url":"https://www.chainalysis.com/blog/ofac-targets-north-korean-it-workers-crypto-march-2026/"},{"credibility":2,"name":"US Sanctions 10 North Korean Entities for Laundering $12.7M in Crypto and IT Fraud — The Hacker News","type":"news_article","url":"https://thehackernews.com/2025/11/us-sanctions-10-north-korean-entities.html"},{"credibility":2,"name":"US Sanctions North Korean Bankers Linked to Cybercrime, IT Worker Fraud — BleepingComputer","type":"news_article","url":"https://www.bleepingcomputer.com/news/security/us-treasury-sanctions-north-korean-bankers-linked-to-cybercrime-it-worker-fraud/"},{"credibility":2,"name":"Treasury Sanctions 8 for Laundering North Korea Earnings — The Record (Recorded Future News)","type":"news_article","url":"https://therecord.media/north-korea-us-sanctions-it-worker-scams-cybercrime"},{"credibility":2,"name":"US Sanctions North Korean Bankers Over Crypto Laundering — CoinDesk","type":"news_article","url":"https://www.coindesk.com/business/2025/11/04/u-s-sanctions-north-korean-bankers-over-crypto-laundering-tied-to-cyberattacks"},{"credibility":2,"name":"US Sanctions North Korean Bankers, IT Fronts in $3 Billion Crypto Theft Scheme — OCCRP","type":"news_article","url":"https://www.occrp.org/en/news/us-sanctions-north-korean-bankers-it-fronts-in-3-billion-crypto-theft-scheme"},{"credibility":2,"name":"North Korea-Linked Hackers Steal $2.02 Billion in 2025, Leading Global Crypto Theft — The Hacker News","type":"news_article","url":"https://thehackernews.com/2025/12/north-korea-linked-hackers-steal-202.html"},{"credibility":2,"name":"OFAC Sanctions: AML Compliance with DPRK-Linked Activity — Money Laundering Watch","type":"news_article","url":"https://www.moneylaunderingnews.com/2025/11/ofac-sanctions-aml-compliance-with-dprk-linked-activity/"},{"credibility":2,"name":"ZachXBT Uncovers North Korea-Linked IT Worker Network Generating $1M Monthly — The Block","type":"research","url":"https://www.theblock.co/post/396847/zachxbt-uncovers-north-korea-linked-it-worker-network-generating-1m-monthly-via-crypto-payment-flows"},{"credibility":2,"name":"North Korean Remote Worker Scheme — Wikipedia","type":"other","url":"https://en.wikipedia.org/wiki/North_Korean_remote_worker_scheme"},{"credibility":2,"name":"US Sanctions 8 N. Korean Individuals, 2 Entities Over Cybercrime Money Laundering — The Korea Times","type":"news_article","url":"https://www.koreatimes.co.kr/foreignaffairs/northkorea/20251105/us-sanctions-8-n-korean-individuals-2-entities-over-cybercrime-money-laundering"}],"summary":"Korea Mangyongdae Computer Technology Company (KMCTC) is a North Korean state-linked IT firm sanctioned by the U.S. Treasury's Office of Foreign Assets Control (OFAC) on November 4, 2025, for operating overseas IT worker delegations in China and using Chinese nationals as banking proxies to launder proceeds from fraudulent employment and cybercrime schemes. The company is operated under the MAEI 607 Management Office, which connects it to the DPRK's military-industrial apparatus, and its IT workers are alleged to have generated hundreds of millions of dollars annually for the North Korean regime's weapons programs. KMCTC and its president, U Yong Su, are designated on the U.S. SDN list under Executive Order 13810.","timeline":[{"date":"2017-09-01","event":"Cheil Credit Bank (also known as First Credit Bank) first designated by OFAC on the SDN list, establishing a regulatory baseline for the banking infrastructure later used to launder KMCTC IT worker proceeds.","source":"Elliptic — OFAC Lists 53 Crypto Addresses of Sanctioned North Korean Cheil Credit Bank","source_url":"https://www.elliptic.co/blog/ofac-lists-53-crypto-addresses-of-sanctioned-north-korean-cheil-credit-bank"},{"date":"2018-01-01","event":"UN Sanctions Monitoring Team begins documenting DPRK IT worker revenue-generation schemes, later estimating $250–$600 million generated annually from this period onward.","source":"TRM Labs — US Treasury Sanctions DPRK Bankers and Front Companies","source_url":"https://www.trmlabs.com/resources/blog/us-treasury-sanctions-dprk-bankers-and-front-companies-laundering-proceeds-from-cybercrime-and-it-worker-operations"},{"date":"2023-05-01","event":"OFAC and South Korea's Ministry of Foreign Affairs sanction Chinyong Information Technology Cooperation Company for employing DPRK IT workers abroad, a precedent action for the KMCTC designation.","source":"Chainalysis — North Korea IT Workers: Inside the DPRK's Crypto Laundering Network","source_url":"https://www.chainalysis.com/blog/dprk-it-workers-north-korea-crypto-laundering-networks/"},{"date":"2023-06-01","event":"Cheil Credit Bank-linked cryptocurrency wallet addresses begin receiving sustained inbound flows. Over the subsequent two years (June 2023 – May 2025), these addresses collectively receive more than $12.7 million, reflecting patterns consistent with IT worker salary payments.","source":"TRM Labs — US Treasury Sanctions DPRK Bankers and Front Companies","source_url":"https://www.trmlabs.com/resources/blog/us-treasury-sanctions-dprk-bankers-and-front-companies-laundering-proceeds-from-cybercrime-and-it-worker-operations"},{"date":"2025-01-01","event":"OFAC sanctions Korea Osong Shipping Co. and Chonsurim Trading Corporation for sending DPRK IT workers to Laos, part of the expanding enforcement campaign against DPRK IT worker front companies.","source":"North Korean Remote Worker Scheme — Wikipedia","source_url":"https://en.wikipedia.org/wiki/North_Korean_remote_worker_scheme"},{"date":"2025-02-01","event":"Lazarus Group executes the Bybit hack, stealing approximately $1.5 billion in a single operation using hybrid techniques combining embedded IT workers and credential theft.","source":"From Digital Kleptocracy to Rogue Crypto-Superpower — 38 North","source_url":"https://www.38north.org/2026/01/from-digital-kleptocracy-to-rogue-crypto-superpower/"},{"date":"2025-04-01","event":"Tether blacklists 26 cryptocurrency addresses associated with Cheil Credit Bank prior to OFAC's formal designation, an early compliance response that precedes official regulatory action.","source":"Elliptic — OFAC Lists 53 Crypto Addresses of Sanctioned North Korean Cheil Credit Bank","source_url":"https://www.elliptic.co/blog/ofac-lists-53-crypto-addresses-of-sanctioned-north-korean-cheil-credit-bank"},{"date":"2025-11-04","event":"OFAC designates Korea Mangyongdae Computer Technology Company and its president U Yong Su on the SDN list pursuant to E.O. 13810. Eight individuals and two entities total are designated in the same action, including Ryujong Credit Bank and five financial representatives in China and Russia. OFAC simultaneously adds 53 cryptocurrency addresses to Cheil Credit Bank's SDN entry.","source":"U.S. Department of the Treasury — Press Release SB0302","source_url":"https://home.treasury.gov/news/press-releases/sb0302"},{"date":"2025-11-04","event":"U.S. Department of State issues a concurrent statement on disrupting illicit DPRK bankers and institutions laundering cybercrime and IT worker funds, reinforcing the Treasury action with a foreign policy framing.","source":"U.S. Department of State — Disrupting Illicit DPRK Bankers and Institutions","source_url":"https://www.state.gov/releases/office-of-the-spokesperson/2025/11/disrupting-illicit-dprk-bankers-and-institutions-laundering-cybercrime-and-it-worker-funds"},{"date":"2025-11-17","event":"Federal Register publishes OFAC's formal notice of the sanctions action (document 2025-19924), providing the official public record of KMCTC's SDN designation.","source":"Federal Register — Notice of OFAC Sanctions Action","source_url":"https://www.federalregister.gov/documents/2025/11/17/2025-19924/notice-of-ofac-sanctions-action"},{"date":"2025-12-01","event":"North Korea-linked hackers are reported to have stolen approximately $2.02 billion in cryptocurrency in 2025 — a 51% year-over-year increase — pushing the DPRK's all-time theft total to an estimated $6.75 billion.","source":"The Hacker News — North Korea-Linked Hackers Steal $2.02 Billion in 2025","source_url":"https://thehackernews.com/2025/12/north-korea-linked-hackers-steal-202.html"},{"date":"2026-01-01","event":"The U.S. and members of the Multilateral Sanctions Monitoring Team (MSMT) at the United Nations publish a report highlighting the DPRK's violations and evasions of UN sanctions through cyber and IT worker activities, referencing the broader ecosystem in which KMCTC operates.","source":"U.S. Department of State — DPRK Violations and Evasions of UN Sanctions","source_url":"https://www.state.gov/releases/office-of-the-spokesperson/2026/01/the-democratic-peoples-republic-of-koreas-violations-and-evasions-of-un-sanctions-through-cyber-and-it-worker-activities/"},{"date":"2026-03-12","event":"OFAC issues a new round of sanctions targeting six individuals and two entities for DPRK IT worker fraud schemes, including Amnokgang Technology Development Company. The action confirms that the IT worker enforcement campaign continues beyond the November 2025 KMCTC designation.","source":"Chainalysis — OFAC Targets DPRK IT Workers Using Crypto (March 2026)","source_url":"https://www.chainalysis.com/blog/ofac-targets-north-korean-it-workers-crypto-march-2026/"}]},"v":1}