North Korean Hackers Net Record-Breaking $630 Million in Cryptocurrency Stolen in 2022
US Slaps Sanctions on Four Entities and One Individual for Illicit Activities
The United States has announced sanctions on four entities and one individual involved in generating illicit revenue and malicious online activities to fund North Korea’s government.
Record-Breaking Cybertheft Proceeds
North Korean hackers stole more virtual currency in 2022 than in any previous year, with estimates ranging from $630 million to over $1 billion. This reportedly doubles Pyongyang’s total cybertheft proceeds in 2021.
Sanctioned Entities and Individual
The sanctioned entities include:
- Pyongyang University of Automation: one of North Korea’s premier cybersecurity instruction institutions responsible for training malicious cybersecurity actors.
- Technical Reconnaissance Bureau: leads the development of offensive cybersecurity tactics and tools, and operates several departments, including those affiliated with the Lazarus Group.
- 110th Research Center: a cybersecurity unit subordinate to the Technical Reconnaissance Bureau.
- Chinyong Information Technology Cooperation Company (also known as Jinyong IT Cooperation Company): associated with the UN and US-sanctioned Ministry of Peoples’ Armed Forces.
- Kim Sang Man: a North Korean national and representative of Chinyong, presumed to be involved in the payment of salaries to family members of overseas DPRK worker delegations.
Background on Sanctioned Entities
- The Pyongyang University of Automation trains malicious cybersecurity actors who go on to work in cybersecurity units subordinate to the Reconnaissance General Bureau (RGB).
- The RGB-controlled Technical Reconnaissance Bureau and its subordinate cybersecurity unit, the 110th Research Center, have been sanctioned.
- Chinyong Information Technology Cooperation Company employs delegations of DPRK IT workers that operate in Russia and Laos.
Kim Sang Man’s Involvement
Kim Sang Man has been affiliated with the US-designated Korea Computer Center and worked as an IT developer in the DPRK prior to being selected as an agent of the UN and US-designated RGB. He has received cryptocurrency funds transfers from IT teams located in China and Russia valued at more than $2 million.
Purpose of Sanctions
The sanctions aim to disrupt the North Korean government’s malicious cyber activities and financing of its dangerous programs, including weapons of mass destruction (WMD) and missile programs.
“The DPRK’s extensive illicit cybersecurity and IT worker operations threaten international security by financing the DPRK regime and its dangerous activities, including its unlawful WMD and missile programs,” said a spokesperson for the Department of Treasury.
Coordination with South Korea
The action has been taken in coordination with South Korea, which is concurrently imposing sanctions against one entity and one individual associated with overseas DPRK IT workers.