The United States imposed sanctions on four North Korean organizations and one individual for engaging in unlawful cyber activities that help finance the country's illicit weapons development programs.
The Department of the Treasury stated that those on the blacklist "obfuscated revenue generation and malevolent cyber activities that support the government of the Democratic People's Republic of Korea (DPRK)," using the official moniker for North Korea.
US Sanctions North Korean IT Companies
The designated North Korean organizations include the Pyongyang University of Automation, which is responsible for "training malicious cyber actors, the majority of whom go on to work for Reconnaissance General Bureau cyber divisions."
In addition, the department identified the "RGB-controlled Technical Reconnaissance Bureau and its subordinate cyber unit, the 110th Research Center."
According to a press release, the DPRK's Technical Reconnaissance Bureau leads the development of offensive cyber tactics and tools and oversees multiple divisions, including those affiliated with the Lazarus Group.
Chinyong Information Technology Cooperation Company, also known as Jinryong IT Cooperation Company, which "employs delegations of DPRK IT workers that operate in Russia and Laos," and Kim Sang-man, a North Korean national based in Vladivostok who "is presumed to be involved in the payment of salaries to family members of Chinyong's overseas DPRK worker delegations," according to the treasury department.
Under Secretary of the Treasury for Terrorism and Financial Intelligence, Brian Nelson was quoted as saying, "Today's action continues to emphasize the DPRK's extensive illegal cyber and IT labor operations, which fund the regime's illegal weapons of mass destruction and ballistic missile programs."
Secretary of State Antony Blinken stated that the United States was coordinating its actions with South Korea, which simultaneously imposed unilateral sanctions on North Korean organizations and individuals involved in illicit cyber activities.
According to Korea Herald, the employees frequently use stolen identities and proxy accounts to apply for positions with foreign companies, using legitimate employment to conceal other illegal activities.
According to a March UN report, North Korean hackers stole more virtual currency in 2022 than in any previous year, with estimates spanning from $630 million to over $1 billion - reportedly doubling Pyongyang's total cyber theft proceeds in 2021.
The alleged involvement of North Korean hackers in the 2014 breach of Sony Pictures in retaliation for the release of the satirical film "The Interview," which made light of North Korean leader Kim Jong Un, propelled North Korean hackers to prominence.
Nelson stated that the US administration will continue to combat North Korea's "continued efforts to pilfer money from financial institutions, virtual currency exchanges, corporations, and private individuals around the globe."
The Technical Reconnaissance Bureau is presently in charge of North Korea's offensive cyber operations and supervises personnel associated with the infamous Lazarus hacking group.
Lazarus was accused of committing some of the largest thefts of virtual currency to date.
"On March 23, 2022, the Lazarus Group perpetrated the largest virtual currency theft to date, stealing approximately $620 million in virtual currency from a blockchain initiative associated with the online game Axie Infinity," the department said Tuesday.
North Korea Cyber Activities Fund Nuclear Missile Programs
North Korea maintains thousands of "highly skilled" IT employees around the globe, predominantly in China and Russia, which "generate revenue that contributes to its unlawful weapons of mass destruction and ballistic missile programs," according to a Tuesday Treasury Department announcement.
These individuals, who in some instances earn more than $300,000 annually, intentionally conceal their identities, locations, and nationalities by using stolen identities and forged documents to apply for employment with employers in "wealthier countries."
Per Tech Crunch, the announcement stated that they have secretly worked in various positions and industries, including "business, health and fitness, social networking, athletics, entertainment, and lifestyle."
Earlier last year, the US government also warned that hackers backed by North Korea were targeting employees of cryptocurrency companies by sending highly targeted phishing emails that included a high-paying job offer in an attempt to convince the victim to download a trojanized cryptocurrency application.