South Korea has imposed sanctions on 15 North Korean individuals and one organization implicated in cybercrime, particularly in significant cryptocurrency thefts.
This action comes in response to growing worries regarding North Korea’s cyber activities aimed at financing its armament initiatives and circumventing worldwide sanctions.
Sanctions Target North Korean Cybercriminals
On December 26, South Korea’s Ministry of Foreign Affairs revealed that those sanctioned are associated with Bureau 313, an entity linked to the Workers’ Party of Korea’s department responsible for machinery.
Since 2016, the United Nations Security Council has sanctioned this bureau for its essential role in managing North Korea’s weapons manufacturing, including ballistic missile development.
The ministry noted that these operatives often travel to countries and regions such as China, Russia, Southeast Asia, and Africa, where they operate under false identities to find jobs at IT companies.
Their activities frequently involve breaching IT systems, manipulating operations, and executing cryptocurrency thefts. For instance, an individual named Kim Cheol-min is reported to have accessed IT companies in the US and Canada, remitting vast amounts of foreign currency back to North Korea.
Additionally, one of the sanctioned entities is recognized for sending North Korean tech staff abroad to gather illegal funds for the North Korean regime and its military endeavors.
Surge in Cyber Theft and Activities
It is clear why sanctions have been placed on these North Korean figures. Reports from the blockchain analytics firm Chainalysis indicate that hackers from North Korea pilfered around $1.34 billion in cryptocurrency across 47 separate incidents in the last year.
This staggering amount comprises 61% of all global cryptocurrency thefts in 2023, reflecting a notable rise in both the occurrence and scale of these crimes.
According to the findings, these cyberattacks are typically well-planned, with attackers employing sophisticated Tactics, Techniques, and Procedures (TTPs) to infiltrate corporate networks and seize valuable digital assets.
Furthermore, the Chainalysis report highlights a troubling trend: numerous thefts are carried out by North Korean IT professionals working within international tech companies, including those in the crypto and Web3 sectors.
These operatives often utilize fake identities, third-party go-betweens, and remote employment options to unlawfully gain entry into secure systems.
Once they breach the defenses, they tamper with networks, compromise security measures, and siphon off funds as cryptocurrencies, which are subsequently laundered through intricate blockchain processes to escape detection.
While these sanctions signify a crucial action, North Korea’s cyber capabilities are likely to continue posing a real threat without unified international efforts and enhanced cybersecurity protocols. The South Korean government stated:
We will maintain collaboration with the global community to thwart North Korea’s unlawful cyber operations while remaining vigilant. This independent sanction will take effect at 00:00 on Monday, December 30, following its announcement in the Official Gazette. Any financial or foreign exchange dealings with the designated targets of this sanction must have prior authorization from the Financial Services Commission or the Governor of the Bank of Korea.