
The Department of the Treasury’s economic and trade sanctions office on Tuesday sanctioned eight people and two organizations from the Democratic People’s Republic of Korea (DPRK) responsible for conducting high-level cyber-enabled espionage cyberattacks.
DOT’s Office of Foreign Assets Control (OFAC) sanctioned a group of North Korean bankers, DPRK financial institution representatives, and the Ryujong Credit Bank and Korea Mangyongdae Computer Technology Company (KMCTC) for laundering funds from schemes involving cybercrime and IT worker fraud.
“North Korean state-sponsored hackers steal and launder money to fund the regime’s nuclear weapons program,” said John Hurley, undersecretary of terrorism and financial intelligence at DOT, in a statement.
“By generating revenue for Pyongyang’s weapons development, these actors directly threaten U.S. and global security. Treasury will continue to pursue the facilitators and enablers behind these schemes to cut off the DPRK’s illicit revenue streams,” Hurley continued.
Through disruptive cyberattacks and financial theft “at a scale unmatched by any other country,” DPRK-affiliated actors have stolen more than $3 billion during the past three years, primarily in cryptocurrency, OFAC officials said. To do that, cybercriminals have used sophisticated techniques, including malware and social engineering.
Two North Korean bankers, Jang Kuk Chol and Ho Jong Son, managed $5.3 million in cryptocurrency, a portion of which has been tied to a DPRK-affiliated ransomware actor that has targeted U.S. victims and handled revenue from DPRK IT workers.
Five China- or Russia-based representatives of DPRK financial institutions were also identified by OFAC – named as Ho Yong Chol, Han Hong Gil, Jong Sung Hyok, Choe Chun Pom, and Ri Jin Hyok – and sanctioned for facilitating large amounts of funds for DPRK-affiliated groups.
“The United States strongly condemns the activities of forces associated with the DPRK, including those supporting the DPRK’s WMD and ballistic missile programs in violation of multiple UN Security Council resolutions (UNSCRs) and enabling associated sanctions evasion activities,” OFAC officials stated.
Meanwhile, KMCTC was sanctioned for obfuscating funds generated by DPRK IT workers’ illicit revenue schemes, and Ryujong Credit Bank provided financial assistance to avoid sanctions between China and North Korea, OFAC said.
“DPRK IT workers are located all around the world, obfuscating their nationality and identities. They earn hundreds of millions of dollars per year by engaging in a wide range of IT development work by obfuscating their nationality with false or stolen identities when they seek employment contracts and create accounts on freelance work websites,” OFAC officials said.