S. Korea imposes sanctions on N. Korean digital asset hackers

Getting your Trinity Audio player ready...

South Korea is imposing sanctions against 15 North Korean IT organization members and one related company involved in illicit cyber activities, including digital asset heists, allegedly procuring funds for North Korea’s nuclear weapons development program.

“North Korean IT personnel are known to be dispatched to China, Russia, Southeast Asia and Africa as affiliated organizations of the government, disguising their status and securing work orders from IT companies around the world, while some are also involved in information theft and cyberattacks,” South Korea’s Ministry of Foreign Affairs said in a statement.

Those sanctioned allegedly procured funds for North Korea through “overseas foreign currency-earning activities,” added the Ministry.

The 15 North Korean individuals have been working for Bureau 313, an organization under the Workers’ Party of Korea’s Machine-Building Industry Department—a department that oversees North Korea’s weapons production, including its ballistic missile program, and which has been subject to the United Nations Security Council sanctions since 2016.

Amongst the sanctioned individuals was Kim Cheol-min, who allegedly infiltrated IT firms in the United States and Canada as an employee and sent large sums of foreign currency back to North Korea. Another sanctioned worker, Kim Ryu Song, was indicted by U.S. lawmakers on December 11 for conspiracy to violate the International Emergency Economic Powers Act, wire fraud, money laundering, and identity theft, generating more than $88 million for North Korea over six years.

South Korea also placed sanctions on a North Korean entity, the Chosun Geumjeong Economic Information Technology Exchange Company, that dispatches IT personnel overseas and “pays a large amount of military funds to the North Korean regime,” according to the statement.

Scale of North Korean cybercrime

North Korea’s illicit cyber activity has become notorious in recent years in scale and frequency. 

According to blockchain analytics firm Chainalysis, North Korean hackers stole $1.34 billion worth of digital assets in 2024, across 47 incidents; this amounted to 61% of the total amount stolen for the year. 

Most recently, the U.S. Federal Bureau of Investigation (FBI) announced that North Korean cyber actors were behind the $308 million digital asset theft from Japan-based digital asset firm DMM Bitcoin.

“[Some] events appear to be linked to North Korean IT workers, who have been increasingly infiltrating crypto and Web3 companies, and compromising their networks, operations and integrity,” said Chainalysis. 

“These workers often use sophisticated Tactics, Techniques and Procedures (TTPs), such as false identities, third-party hiring intermediaries, and manipulating remote work opportunities to gain access.” 

South Korea isn’t alone in its efforts to counter this prolific cyber campaign; the U.S. has also been actively investigating and clamping down on North Korean activity.

On December 17, the U.S. Treasury Department imposed sanctions on two individuals and one entity for laundering digital assets for North Korea in a front company in the United Arab Emirates.

Watch: Blockchain regulation with Marcin Zarakowski