South Korea Sanctions 15 North Korean Hackers and One Entity Over Crypto Theft Operations

South Korea has announced sanctions against 15 individuals and one entity from North Korea involved in cybercrime, including large-scale cryptocurrency thefts.

The move comes amid growing concerns about North Korea’s use of cyber operations to fund its weapons programs and evade international sanctions.

South Korea imposes sanctions on North Korean hackers and IT employees

South Korea’s Foreign Ministry said in a statement issued on December 26 that the sanctioned individuals are linked to Bureau 313, an organization affiliated with the Machinery Building Industry Administration of the Workers’ Party of Korea.

This office, which has been subject to UN Security Council sanctions since 2016, plays an important role in overseeing North Korea’s weapons production, including its ballistic missile program.

According to the ministry, these agents are often sent to places such as China, Russia, Southeast Asia and Africa, where they use disguised identities to secure work at IT companies.

Many of these individuals infiltrate IT networks, manipulate company operations, and, in some cases, steal cryptocurrencies. One of these individuals, Kim Cheol-min, is said to have infiltrated IT companies in the United States and Canada and transferred large sums of foreign currency to North Korea.

In addition, the sanctioned entity is known to send North Korean IT personnel abroad to secure illicit funds for the Pyongyang regime and military operations.

The value of the global digital currency market capitalization on a one-day chart. Source: TradingView.com

Intensification of crypto theft and cyber activities

The reasons behind the sanctions imposed on these North Korean perpetrators are clear. Recent reports from blockchain analytics firm Chainalysis revealed that North Korean hackers stole approximately $1.34 billion worth of cryptocurrencies across 47 incidents last year.

This figure represents 61% of total global cryptocurrency theft in 2023 and marks a sharp increase in both frequency and volume.

According to the report, these attacks are often meticulously planned, with agents using advanced tactics, techniques, and procedures (TTPs) to penetrate corporate networks and extract valuable digital assets.

The Chainalysis report also points to a worrying trend, which is that many of these thefts are being facilitated by North Korean IT workers employed at global technology companies, including cryptocurrency and Web3 companies.

These agents often use false identities, third-party intermediaries, and remote work opportunities to gain unauthorized access to sensitive systems.

Once inside, they manipulate networks, hack security protocols, and exfiltrate funds in the form of cryptocurrencies, which are then laundered through complex blockchain transactions to avoid detection.

While the sanctions represent an important step, North Korea’s cyber capabilities will likely remain a continuing threat without coordinated global oversight and advanced cybersecurity measures. The South Korean government wrote:

Our government will continue to work with the international community to prevent North Korea’s illegal cyber activities with a high level of vigilance. This independent sanction is scheduled to enter into force from 00:00 on Monday, December 30, until its publication in the Official Gazette. Financial transactions and foreign exchange operations with purposes identified as targets of this independent sanction require prior approval from the Financial Services Commission or the Governor of the Bank of Korea.
