South Korea hit 15 North Korean individuals and one entity with sanctions related to illegal cyber operations, particularly cryptocurrency hacks.
They were connected to a group called Bureau 313, part of the Workers’ Party of Korea’s Machine-Building Industry Department, which has been sanctioned by the United Nations since 2016 for its oversight of North Korea’s weapons production, including ballistic missiles.
The Ministry of Foreign Affairs pointed out that North Korean IT personnel are sent abroad—the Ministry noted regions such as China, Russia, Southeast Asia, and Africa—disguised as members of legitimate organizations. They sign contracts with foreign IT companies, carrying out everything from information theft to launching cyberattacks.
Another, a man named Kim Cheol-min, had penetrated it companies in countries like the United States and Canada, transmitting a significant amount of foreign currency back to Pyongyang. Furthermore, one sanctioned entity leads hundreds of IT workers overseas, providing the regime and the country’s military with significant funds.
Rising Crypto Theft Operations from North Korean Hackers
North Korean cyber actors have been behind some of the biggest crypto heists to date. In January, for example, North Korean cybergangs were blamed by the Federal Bureau of Investigation for the $305 million theft last year of funds from a Japan-based crypto firm, DMM Bitcoin, an incident that forced DMM to shut down.
The U.S. Treasury Department has also imposed sanctions against individuals and firms that have been involved in laundering cryptocurrencies for North Korea, including operations located in the United Arab Emirates.
Data from the blockchain analytics firm Chainalysis show North Korean hackers stole about $1.34 billion in cryptocurrency in 47 incidents in 2024. This represents 61% of all remaining crypto assets stolen globally so far this year,3 highlighting a massive surge in the scale and frequency of such attacks.
Working Together on Cyber Security with Other Countries
Details on how South Korea and the United States have begun collaborative research to better defend against these types of cryptocurrency thefts emerge amid the growing threat. The partnership is expected to establish tools to trace misplaced digital assets and block further cyberattacks connected to North Korean hackers.
This will be supported by South Korea’s Ministry of Science and ICT and involves leading institutions and experts focused on tackling the growing cyber threat. The collaboration emphasizes a mutual dedication to enhancing the security of crypto at an international level.
Impacts on International Security
North Korea‘s recent surge in cyber activities — especially those involving cryptocurrency theft — has alarmed the international community for posing serious threats to global peace and security.
And funds raised from these activities are known to fund North Korea’s weapons of mass destruction and ballistic missile programs, raising geopolitical tensions.”
The issue of sanctions as a deterrent has come under intense scrutiny in recent years as the world tries to come to grips with the effectiveness of sanctions and the role of cybercrime in supporting such programs.
And the effort that South Korea and the U.S. are making to address these threats is just a small part of what we will discuss.
North Korean hackers are using more sophisticated methods — including impersonating remote IT workers to gain access to companies — and the international cybersecurity landscape needs to adapt.
So, a fair amount of recent work has been lavished on strengthening defenses against such deceptive techniques to help protect between the worlds and the world itself.
FAQs
1. What has South Korea done to North Korean hackers?
The move led South Korea to place 15 people and an entity involved in stealing cryptocurrency and other illicit cyber activity, trying to halt their operations and funding streams.
2. How much did North Korean hackers steal in cryptocurrency in 2024?
North Korean hackers stole 1.34 billion dollars across 47 incidents, comprising 61 percent of global thefts of cryptocurrency this year, Chainalysis said.
3. What Are North Korean IT Workers Doing Abroad?
More recently, North Korean information technology workers have been scourging companies across the world, operating undercover, getting hired on as employees launching cyberattacks and stealing cryptocurrencies to finance their state.
4. How is North Korea funding its activities through cryptocurrency theft?
Stolen digital assets finance North Korea’s military programs, weapons development, etc., while also calming the regime through money laundering and clandestine financial pipelines.
