The U.S. Treasury Department has taken significant action against North Korea’s cybercrime operations, sanctioning eight individuals and two entities involved in illicit activities that funnel stolen cryptocurrency. This move targets the financial networks utilized by hackers linked to the Democratic People’s Republic of Korea (DPRK) who have reportedly stolen over $3 billion in digital assets over the past three years.
Utilizing advanced methods such as malware, social engineering, and ransomware, these cybercriminals have successfully attacked banks, cryptocurrency exchanges, and various digital platforms. The Treasury Department indicates that the proceeds from these operations are instrumental in financing North Korea’s nuclear weapons and missile development programs. John K. Hurley, the Treasury Under Secretary for Terrorism and Financial Intelligence, emphasized the role of state-sponsored hackers in this scheme: “North Korean state-sponsored hackers steal and launder money to fund the regime’s nuclear weapons program.”
Among those sanctioned are bankers Jang Kuk Chol and Ho Jong Son, who are accused of managing over $5.3 million in cryptocurrency derived from ransomware attacks and revenue generated by DPRK IT workers abroad. The Korea Mangyongdae Computer Technology Corp., an IT firm that facilitates these operations by running delegations of IT workers in China while employing local proxies to obscure the origin of funds, was also targeted. Its president, U Yong Su, faces similar sanctions.
The sanctions additionally affect the Ryujong Credit Bank, based in Pyongyang, which has been implicated in laundering funds between North Korea and China. Five DPRK banking representatives operating in China and Russia were included in this crackdown for their involvement in moving substantial amounts of money through various global financial networks.
The significance of these sanctions is underscored by prior warnings from the FBI regarding North Korean hackers targeting U.S. cryptocurrency exchange-traded funds (ETFs) as part of their theft strategy. The attacks often involve intricate social engineering tactics, including personalized scams, meticulous research on potential victims, fake job offers, and the deployment of malware.
Additionally, the Treasury’s analysis indicates that North Korea exploits overseas IT workers by concealing their true nationality with false identities and contracts. Some of these workers collaborate with freelancers from outside the country, redirecting project revenues back to North Korea.
The sanctions imposed block all property and interests of the designated individuals and entities within U.S. jurisdiction, prohibiting U.S. citizens from engaging in business activities with them. Financial institutions that fail to adhere to these regulations may also face enforcement actions. Experts highlight that North Korea’s operations in the realm of cryptocurrency are particularly sophisticated, blending cybercrime with sanctions evasion and overseas IT labor to sustain its weapons programs. This recent action by the U.S. seeks to disrupt Pyongyang’s access to digital assets and alerts the global financial community to the risks associated with facilitating these clandestine networks.
