U.S. and South Korea Sanction North Korean Cybercrime Bureaus


American and South Korean authorities on Monday targeted multiple bureaus tied to North Korean cybercrime operations, which serve to illicitly generate revenue for Supreme Leader Kim Jong Un’s nuclear weapons program.

May 26, 2023

Ruled as a totalitarian dictatorship, North Korea employs malicious cyber actors across the world in order to steal information and funds. The country then uses these ill-gotten gains to further develop its weapons of mass destruction and ballistic missile programs, said Brian E. Nelson, U.S. Under Secretary of the Treasury for Terrorism and Financial Intelligence.

North Korea is no stranger to cybercrime, especially in the cryptocurrency domain. Of the estimated US$3.8 billion in crypto assets stolen last year, almost $1.7 billion, or just under half, was seized by North Korean hackers.

Both figures stand as new records, with the ostracized Kim regime shattering its previous high of $522 million.

But these developments did not occur by chance, the Treasury said. Pyongyang University of Automation, North Korea’s premier cyber institution, has succeeded in nurturing a new generation of hackers that are highly sought-after by the government’s Reconnaissance General Bureau (RGB).

The RGB is the country’s intelligence branch, tasked with conducting malicious cyber operations around the world in order to raise illegitimate funds for its Supreme Leader’s hopes of one day achieving true nuclear power status.

While the majority of the country lives in poverty, North Korea’s cyber actors can earn more than $300,000 per year for their services, the Treasury said.

It is for these reasons that the university earned its blacklisted status. The bureau itself was sanctioned back in 2015.

“The DPRK’s extensive illicit cyber and IT worker operations threaten international security by financing the DPRK regime and its dangerous activities, including its unlawful weapons of mass destruction (WMD) and ballistic missile programs,” said Antony J. Blinken, U.S. Secretary of State.

As part of this new wave of sanctions, the Treasury also sanctioned the RGB-controlled Technical Reconnaissance Bureau and its subordinate cyber unit, the 110th Research Center. These institutions coordinate Pyongyang’s offensive cyber tactics, including those executed by the infamous Lazarus Group, a North Korean-affiliated cybercrime syndicate.

In March last year, the Lazarus Group hacked into an online NFT blockchain game called Axie Infinity and stole over $600 million in virtual assets. Such was their sophistication that, at the time of the heist, authorities had no clue of the group’s involvement; it took almost a year for the truth to come to light.

The 110th Research Center, meanwhile, has conducted numerous cyber theft operations worldwide, including attacks on both the U.S. and South Korea. In 2013, the center launched its DarkSeoul campaign, “which destroyed thousands of financial sector systems and resulted in outages at the top three media companies” in South Korea, the Treasury said.

The now-sanctioned 110th has also been linked to the theft of classified South Korean intelligence, including documents pertaining to military defense and response planning.

Last of the entities to be named was the Chinyong Information Technology Cooperation Company, also known as the Jinyong IT Cooperation Company. Chinyong, the Treasury said, networks with North Korean operators based in Russia and Laos.

North Korean national Kim Sang Man is linked to the processing of millions of dollars in payments to the family members of Chinyong overseas operators. For this he has been blacklisted by the U.S. as well, with South Korea targeting six additional cyber operatives, including three others from Jinyong.