The Treasury Department’s Office of Foreign Assets Control (OFAC) today announced sanctions against four entities and one individual for their involvement in illicit computer schemes and cyberattacks that generate revenue to fund North Korea’s weapons development programs.
North Korea’s illicit revenue-generating strategy relies heavily on a massive ‘army’ of thousands of IT workers who hide their identities to be hired by companies overseas, OFAC says in a press release issued on Tuesday.
To gain employment with targeted companies, they employ various deceptive tactics, including the use of stolen identities, fake personas, and forged documents.
Although they are located in China and Russia, they funnel the revenue earned through these efforts to fuel the Pyongyang regime’s weapons programs.
Each year, some of the fraudulently employed North Korean IT workers can amass salaries in excess of $300,000 while intentionally concealing their true identity, location, and nationality.
“The DPRK conducts malicious cyber activities and deploys information technology (IT) workers overseas who fraudulently obtain employment to generate revenue that supports the Kim regime,” US Secretary of State Antony J. Blinken said.
“The DPRK’s vast illicit cybersecurity and computer worker operations threaten international security by funding the DPRK regime and its dangerous activities, including its illegal weapons of mass destruction (WMD) programs and ballistic missiles.”
The list of Democratic People’s Republic of Korea (DPRK) entities sanctioned today for their involvement in cyberattacks and illicit computer revenue-generating programs includes:
- Pyongyang Automation University: responsible for training “malicious cyber actors”, many of whom work for the Reconnaissance General Bureau (RGB) (North Korea’s main intelligence bureau responsible for coordinating the country’s cyberattacks)
- RGB’s Technical Reconnaissance Office and the cyber unit of the 110th Research Center: involved in the development of malicious tools, the coordination of departments related to North Korean threat actors such as the notorious Lazarus Group, and cyberattacks targeting organizations in the United States and the Republic of Korea
- Chinyong Information Technology Cooperation Company (a.k.a. Jinyong IT Cooperation Company): linked to North Korea’s Ministry of People’s Armed Forces and coordinating IT workers operating from Russia and Laos to generate revenue for the country’s regime
- North Korean national Kim Sang Man: involved in paying salaries of family members of overseas Chinyong IT worker delegations
A year ago, OFAC also sanctioned the Tornado Cash and Blender.io cryptocurrency mixers used by North Korean hackers from the Lazarus Group to launder most of the $620 million in Ethereum stolen in the biggest cryptocurrency heist ever, the hack of Axie Infinity’s Ronin Network Bridge in April 2022.
DPRK hacking groups Lazarus, Bluenoroff and Andariel were also sanctioned in September 2019 for channeling financial assets stolen in cyberattacks to the country’s government.
According to a recent confidential report released by a United Nations panel of experts, North Korean threat actors engaged in an all-time high of cryptocurrency theft last year.
It estimated they stole between $630 million and over $1 billion in 2022, surpassing previous years’ figures and effectively doubling Pyongyang’s illicit gains from cyber theft in 2021.
“Today’s action continues to shine a light on the DPRK’s vast illicit cyber and information technology operations, which fund the regime’s illegal weapons of mass destruction and ballistic missile programs,” said Brian E. Nelson, Under Secretary of the Treasury for Terrorism and Financial Intelligence, today.
“The United States and our partners remain committed to combating the DPRK’s illicit revenue-generating activities and to continuing efforts to steal money from financial institutions, virtual currency exchanges, businesses, and individuals around the world.”