South Korea has announced sanctions against 15 individuals and one entity from North Korea involved in cybercrimes, including large-scale cryptocurrency heists.
The move comes amid rising concerns about North Korea’s use of cyber operations to fund its weapons programs and evade international sanctions.
South Korea Imposes Sanctions On North Korean Hackers And IT Operatives
The Ministry of Foreign Affairs of South Korea disclosed in an announcement released on December 26 that the sanctioned individuals are linked to Bureau 313, an organization under the Workers’ Party of Korea’s Machine-Building Industry Department.
This bureau, which has been under United Nations Security Council sanctions since 2016, plays a big role in overseeing North Korea’s weapons production, including its ballistic missile program.
According to the ministry, these operatives are sometimes dispatched to countries such as China, Russia, Southeast Asia, and Africa, where they operate under disguised identities to secure employment in IT firms.
Many of these individuals infiltrate IT networks, manipulate company operations, and, in some cases, conduct cryptocurrency thefts. One such individual, Kim Cheol-min, reportedly infiltrated IT firms in the US and Canada, transferring large sums of foreign currency back to North Korea.
Moreover, the one sanctioned entity is known to send North Korean IT personnel overseas to secure illicit funds for Pyongyang’s regime and military operations.
Crypto Theft and Cyber Activities Intensify
Notably, the reasons behind the sanctions on these North Korean perpetrators are quite evident. Recent reports from blockchain analytics firm Chainalysis reveal that North Korean hackers stole roughly $1.34 billion worth of cryptocurrency across 47 incidents over the last 12 months.
This significant figure represents 61% of total global cryptocurrency theft in 2023, marking a sharp increase in both frequency and scale.
According to the report, these attacks are sometimes meticulously planned, with operatives using advanced Tactics, Techniques, and Procedures (TTPs) to breach corporate networks and extract valuable digital assets.
The Chainalysis report also points out a concerning trend: many of these thefts are facilitated by North Korean IT employees embedded in global tech firms, including crypto and Web3 firms.
These operatives often use false identities, third-party intermediaries, and remote work opportunities to gain unauthorized access to sensitive systems.
Once inside, they manipulate networks, compromise security protocols, and exfiltrate funds in the form of cryptocurrencies, which are then laundered through complex blockchain transactions to evade detection.
While the sanctions represent a big step, North Korea’s cyber capabilities will likely remain a persistent threat without coordinated global oversight and advanced cybersecurity measures. The South Korean government wrote:
Our government will continue to work with the international community to block North Korea’s illegal cyber activities with a high level of alertness. This independent sanction is scheduled to take effect from 00:00 on Monday, December 30 through publication in the Official Gazette. Financial and foreign exchange transactions with the targets designated as targets of this independent sanction require prior approval from the Financial Services Commission or the Governor of the Bank of Korea.