The US Department of Treasury has taken measures and imposed sanctions on four entities and one individual with links to illicit revenue generation and malicious online activities that benefit the Democratic People’s Republic of Korea (North Korea). As per official sources, the entities and individuals sanctioned are the Pyongyang University of Automation, the Technical Reconnaissance Bureau, the 110th Research Center cybersecurity unit, Chinyong Information Technology Cooperation Company, and North Korean national Kim Sang Man respectively.
Designated entities and Individuals:
The Pyongyang University of Automation, Chinyong, Technical Reconnaissance Bureau, and the 110th Research Center have been designated for being agencies, instrumentalities, or controlled entities of the government of North Korea or the Workers’ Party of Korea. The Pyongyang University of Automation is North Korea’s prominent cybersecurity instruction institution, responsible for training malicious cybersecurity actors, many of whom work in the cybersecurity units subordinate to the Reconnaissance General Bureau (RGB).
The RGB is North Korea’s primary intelligence bureau and the main entity responsible for the country’s malicious cybersecurity activities. The RGB-controlled Technical Reconnaissance Bureau and its subsidiary cybersecurity unit, the 110th Research Center have also been sanctioned. The DPRK-based Technical Reconnaissance Bureau leads the DPRK’s development of offensive cybersecurity tactics and tools and operates several departments, including those that are affiliated with the Lazarus Group.
The 110th Research Center has launched cyber attacks against networks worldwide, including in the US and the Republic of Korea (ROK). In 2013, the 110th Research Center conducted the DarkSeoul campaign, which destroyed thousands of financial sector systems and caused outages in the top three media companies in the ROK. Additionally, the 110th Research Center has stolen sensitive government information related to ROK’s military defense and response planning.
North Korea-based Chinyong Information Technology Cooperation Company (Chinyong), also known as Jinyong IT Cooperation Company, is associated with the UN and US-sanctioned Ministry of Peoples’ Armed Forces. Chinyong employs delegations of DPRK IT workers that operate in Russia and Laos, the Department of Treasury said. North Korean national Kim Sang Man is linked to Chinyong’s overseas DPRK worker delegations. Kim is said to have been involved in the sale and transfer of IT equipment for DPRK and received cryptocurrency funds transfers from IT teams located in China and Russia valued at more than $2 million in 2021.
North Korea’s malicious activities:
Sanctions have been imposed against the entities’ illicit activities to fund the North Korean government. The DPRK conducts malicious cyber activities and deploys information technology (IT) workers abroad who fraudulently obtain employment to generate revenue that supports the Kim regime, said the Department of Treasury. The DPRK’s vast illicit cybersecurity and IT worker operations threaten international security by financing the DPRK regime and its dangerous activities, including its unlawful weapons of mass destruction (WMD) and missile programs.
Coordination with ROK:
The US Department of Treasury collaborated with the Republic of Korea (ROK) in imposing sanctions against one entity and one individual associated with overseas DPRK IT workers. The other three entities were previously sanctioned by the ROK on February 10, for engaging in cyberattack operations and illicit revenue generation that support the DPRK’s WMD programs.
North Korea’s cyber attack activities surged:
DPRK cyberattack actors reportedly stole more virtual currency in 2022 than in any previous year, with estimates ranging from $630 million to over $1 billion. These figures reportedly doubled Pyongyang’s total cyber theft proceeds in 2021, according to the UN Panel of Experts report released in March 2023. The DPRK maintains a workforce of thousands of highly skilled IT workers worldwide, primarily located in the People’s Republic of China and Russia, to generate revenue that contributes to its illegal WMD and ballistic missile programs. DPRK IT workers can earn more than $300,000 per year in some cases.
In conclusion, the US government reiterated its commitment to combat North Korea’s illicit activities aimed at generating revenue by stealing funds from global financial institutions and other entities. While the sanctions imposed might not impact North Korea’s malicious cyber activities in the short term, they will put a check on its efforts to expand its cyber arsenal.