South Korea imposes sanctions on North Korean crypto hackers, IT operatives

Reported by The Block: South Korea is imposing sanctions on 15 North Korean individuals and one entity involved in illicit cyber activities, including cryptocurrency heists.

North Korean hackers stole $1.34 billion worth of cryptocurrencies in 2024, according to Chainalysis.

The South Korean government announced today that it imposed sanctions on 15 individuals and one entity from the Democratic People’s Republic of Korea involved in illicit cyber activities, including cryptocurrency heists.

The 15 North Korean individuals have been working for Bureau 313, an organization under the Workers' Party of Korea’s Machine-Building Industry Department, South Korea’s Ministry of Foreign Affairs said in a statement. The department, subject to UN Security Council sanctions since 2016, oversees DPRK’s weapons production, including its ballistic missile program.

“North Korean IT personnel are known to be dispatched to China, Russia, Southeast Asia and Africa as affiliated organizations of the government, disguising their status and securing work orders from IT companies around the world, while some are also involved in information theft and cyberattacks,” the statement said.

A representative of South Korea’s Foreign Affairs Ministry told The Block that a number of the sanctioned individuals stole cryptocurrencies through hacks. However, the ministry declined to specify the identities of those who have conducted crypto heists.

One sanctioned individual named Kim Cheol-min, infiltrated IT firms in the U.S. and Canada as an employee and sent large sums of foreign currency to Pyongyang.

South Korea also placed sanctions on one North Korean entity that dispatches numerous North Korean IT personnel overseas and remits large sums of money to fund the regime and its military, according to the statement.

DPRK hacks on the rise
North Korean hackers are said to be responsible for some of the largest cryptocurrency hacks. On Monday, the Federal Bureau of Investigation announced that North Korean cyber actors were behind the $308 million crypto theft from Japan-based crypto firm DMM Bitcoin, which led the company to shut down.

Last week, the U.S. Treasury Department imposed sanctions on two individuals and one entity for laundering cryptocurrencies for the DPRK in a front company in the United Arab Emirates.

According to blockchain analytics firm Chainalysis, North Korean hackers stole $1.34 billion worth of crypto across 47 incidents. This represents 61% of the total amount stolen for the year, showing an increase in both amount and frequency.

“[Some] events appear to be linked to North Korean IT workers, who have been increasingly infiltrating crypto and Web3 companies, and compromising their networks, operations and integrity,” the Chainalysis report said. “These workers often use sophisticated Tactics, Techniques and Procedures (TTPs), such as false identities, third-party hiring intermediaries, and manipulating remote work opportunities to gain access.” 
 

Source