U.S. Hunts North Korea’s $15M Crime Network

Washington: The United States is escalating its fight against North Korea’s “sophisticated criminal schemes”, which Washington claimed generate billions to fund its unlawful weapons of mass destruction (WMD) and ballistic missile programmes through activities like cryptocurrency theft, fraudulent IT work, weapons trafficking, and luxury goods smuggling.

The U.S. Departments of State, Justice, and Treasury today offered rewards totalling up to $15 million through the State Department’s Transnational Organized Crime Rewards Program (TOCRP) for information leading to the arrests or convictions of seven North Korean nationals, including Sim Hyon-Sop, who orchestrated these “illicit” operations. The actions target schemes that exploit U.S. companies, undermine global financial systems, and fuel North Korea’s “destabilising activities”, including missile transfers to Russia for use in Ukraine.

The TOCRP offers up to $7 million for information on Sim Hyon-Sop, a key figure in tobacco trading schemes to access U.S. dollars, and up to $3 million each for Myong Chol-Min and Kim Se-Un, with $500,000 each for Kim Yong-Bok, Kim Chol-Min (a.k.a. “Jack”), Ri Tong-Min (a.k.a. “Elvis”), and Ri Won-Ho. These individuals are charged with illicit activities, including buying and selling North Korean tobacco to bypass sanctions, often targeting U.S. firms. Sim Hyon-Sop and Kim Se-Un are also linked to schemes dispatching thousands of North Korean IT workers abroad, often from Russia, China, and Vietnam, to secure high-paying remote jobs with U.S. companies, including Fortune 500 firms. These workers, posing as legitimate employees, funnel salaries back to North Korea, directly funding its WMD and missile programs in violation of UN and U.S. sanctions.

On July 24, 2025, the Treasury Department designated Korea Sobaeksu Trading Company, which has deployed IT workers to Vietnam, and three North Korean nationals—Kim Se-Un, Myong Chol-Min, and Jo Kyong Hun—for their roles in these revenue-generating schemes. The same day, U.S. citizen Christina Marie Chapman was sentenced in the District of Columbia for aiding a North Korean IT worker scheme that defrauded over 300 U.S. companies, siphoning funds to North Korea’s weapons programs. These schemes exploit the high salaries of U.S. remote jobs, with workers operating through front companies to mask their ties to North Korea’s Munitions Industry Department and Ministry of Atomic Energy and Industry.

The State Department’s Rewards for Justice (RFJ) programme bolsters these efforts, offering up to $5 million for information disrupting North Korea’s financial mechanisms, as authorised by the North Korea Sanctions and Policy Enhancement Act of 2016 (NKSPEA). The RFJ targets a wide range of illicit activities, including:

• Exporting military weapons or arms from North Korea, often to entities or individuals globally.
• Cyberattacks on financial institutions and cryptocurrency exchanges have been stealing funds for the regime.
• Ship-to-ship transfers of coal from North Korea or crude oil and petroleum to it, evading sanctions.
• Employing North Korean labourers abroad, such as in construction or IT, to generate regime revenue.
• Money laundering through overseas bank accounts or virtual currency, often via front companies.
• Trafficking narcotics, counterfeiting goods or currency, and smuggling bulk cash.
• Importing luxury goods like automobiles, designer clothing, jewellery, or alcohol for North Korea’s elites.
• Facilitating serious human rights abuses or censorship by the North Korean government.
• Supplying significant amounts of precious metals, graphite, or software for WMD-related industrial processes.
• Providing fuel, bunkering services, or insurance for vessels or aircraft designated under UN or U.S. sanctions.

The RFJ also seeks information on violations of the Computer Fraud and Abuse Act (CFAA), targeting unauthorised computer intrusions, destructive malware, ransomware, and extortion attempts aimed at extracting money or information from U.S. entities. Specific activities include stealing data from public and private sector networks, deploying ransomware, and sending extortionate threats, all to benefit North Korea’s regime. For example, North Korean hackers have targeted global cryptocurrency exchanges, with stolen funds laundered through complex networks to support sanctioned entities.

North Korea’s overseas networks, including front and cover companies, provide access to technology, illicit finance, and facilitators, enabling the regime to evade sanctions and fund programs like ballistic missile development, some of which have been used in Russian strikes on Ukrainian cities, including Kyiv. The U.S. is engaging foreign governments hosting North Korean IT workers to curb these schemes, aiming to protect Americans and the global financial system.

Washington is also encouraging tips to be submitted confidentially to the FBI through U.S. embassies, consulates, or local FBI field offices. The RFJ’s Tor-based channel (he5dybnt7sr6cm32xt77pazmtm65flqy6irivtflruqfc5ep7eiodiad.onion) is also available. Government officials providing tips in official duties are ineligible for rewards, per 22 U.S.C. § 2708(f). The U.S. underscores its commitment to disrupting these transnational crimes, ensuring North Korea cannot profit from activities threatening global security.

– global bihari bureau