Financial Crime World

US Imposes Sanctions on North Korean Entities Involved in Illicit Cyber Activities

Sanctions Target Malicious Online Activities

The US Department of Treasury has taken action against four entities and one individual involved in generating revenue for the Democratic People’s Republic of Korea (DPRK) through malicious online activities. The sanctions come as a response to the DPRK’s continued use of cybercrime to fund its regime.

Sanctioned Entities and Individual

The following entities have been linked to various malicious activities, including cyberattacks against networks worldwide and the theft of sensitive government information:

1. Pyongyang University of Automation

2. Technical Reconnaissance Bureau

3. 110th Research Center cybersecurity unit

4. Chinyong Information Technology Cooperation Company

5. Kim Sang Man, a North Korean national

Details on Sanctioned Entities

  • Technical Reconnaissance Bureau: Responsible for developing offensive cybersecurity tactics and tools.
  • 110th Research Center: Conducted cyberattacks against networks in the US and Republic of Korea (ROK), including a campaign known as DarkSeoul, which destroyed thousands of financial sector systems and resulted in outages at top media companies in the ROK.
  • Chinyong Information Technology Cooperation Company: Associated with the UN- and US-sanctioned Ministry of Peoples’ Armed Forces. The company employs delegations of DPRK IT workers operating in Russia and Laos, who engage in activities that generate revenue for the regime.
  • Kim Sang Man: Identified as being involved in the sale and transfer of IT equipment for the DPRK and receiving cryptocurrency funds transfers from IT teams located in China and Russia.

Sanctions Aim to Disrupt Illicit Financial Networks

The sanctions imposed on these entities are part of a broader effort to disrupt the DPRK’s illicit financial networks and prevent them from generating revenue through cybercrime. The action has been taken in coordination with the ROK, which is also imposing sanctions against one entity and one individual associated with overseas DPRK IT workers.

DPRK Cyberattack Actors Steal Millions

According to estimates, DPRK cyberattack actors stole more virtual currency in 2022 than in any previous year, with amounts ranging from $630 million to over $1 billion. The regime maintains a workforce of thousands of highly skilled IT workers around the world, primarily located in China and Russia, who generate revenue that contributes to its unlawful WMD and ballistic missile programs.

US Commitment to Combating Illicit Activities

The US Department of Treasury has emphasized its commitment to combating the DPRK’s illicit activities and preventing them from generating revenue through cybercrime.