The South Korean government today announced sanctions on 15 individuals and one entity from North Korea involved in illegal cyber activities, including cryptocurrency thefts.
According to a statement from South Korea’s Ministry of Foreign Affairs, the sanctioned individuals are linked to Bureau 313, an organization under the Workers’ Party of Korea’s Machine-Building Industry Department. This department, under UN Security Council sanctions since 2016, oversees North Korea’s weapons production, including its ballistic missile program.
“North Korean IT personnel are known to be dispatched to China, Russia, Southeast Asia, and Africa as affiliated organizations of the government, disguising their status and securing work orders from IT companies around the world, while some are also involved in information theft and cyberattacks,” the statement said.
A ministry representative told The Block that some of the sanctioned individuals engaged in cryptocurrency thefts through hacking, though specific identities were not disclosed. Among the individuals named, Kim Cheol-min infiltrated IT firms in the U.S. and Canada, posing as an employee and sending significant sums of foreign currency back to Pyongyang.
Additionally, sanctions were imposed on a North Korean entity responsible for deploying IT personnel abroad and channeling substantial funds to support the regime and its military.
Rise in North Korean Cyberattacks
North Korean hackers are reportedly behind some of the largest cryptocurrency heists globally. On Monday, the Federal Bureau of Investigation confirmed that North Korean cyber actors were responsible for the $308 million theft from Japan-based crypto firm DMM Bitcoin, which subsequently ceased operations.
Last week, the U.S. Treasury Department sanctioned two individuals and one entity accused of laundering cryptocurrencies for North Korea through a front company in the United Arab Emirates.
Blockchain analytics firm Chainalysis reported that North Korean hackers stole $1.34 billion worth of cryptocurrency in 47 incidents, accounting for 61% of the total amount stolen globally this year. The report highlighted an increase in both the scale and frequency of such attacks.
“[Some] events appear to be linked to North Korean IT workers, who have been increasingly infiltrating crypto and Web3 companies, and compromising their networks, operations, and integrity,” the Chainalysis report noted. These workers reportedly use “sophisticated Tactics, Techniques and Procedures (TTPs), such as false identities, third-party hiring intermediaries, and manipulating remote work opportunities to gain access.”