Uncovering North Korea’s illicit cyber activities: A closer look at the Treasury Department’s latest sanctions

Treasury Department Imposes Sanctions on Entities Linked to North Korean Cyber Activities

The United States Treasury Department has issued sanctions against four entities and one individual for their involvement in malicious cyber activities that support North Korea and its weapons programs. The Treasury’s Office of Foreign Assets Control (OFAC) coordinated with the Republic of Korea to jointly designate two of the sanctioned entities. The four entities targeted by the Treasury include one responsible for training individuals who work for the DPRK’s primary intelligence bureau and two other operation centers leading offensive cyber operations, with links to the Lazarus group, a hacking group previously sanctioned by OFAC for a massive virtual currency heist. The sanctioned individual, Kim Sang Man, is associated with Chinyong Information Technology Cooperation Company, which has also been sanctioned for involvement in North Korea’s program to falsify identities of IT specialists to fund its weapons program. Separately, OFAC also imposed sanctions on several crypto wallets hosted by Binance exchange, allegedly having ties with North Korea’s weapons program.

North Korea’s Cyber Activities as a Growing Problem

North Korea’s malicious cyber activities have become a significant issue for US national security in recent years. The country uses these activities to evade international sanctions imposed on it. The Treasury Department has noted that these illicit revenue generation activities support North Korea’s unlawful weapons of mass destruction and ballistic missile programs. Early this month, Anne Neuberger, Deputy National Security Adviser for Cyber and Emerging Technology, pointed out that roughly half of North Korea’s missile program is supported by malicious cyber activities, including virtual currency theft. As per the United Nations, DPRK cyber actors have stolen more than $1 billion in virtual currency in 2022, double the amount stolen the previous year.

Expanding Targets and Innovative Techniques

North Korean hackers have expanded their targets recently and adopted novel techniques to evade detection. Pyongyang University of Automation, a sanctioned entity, trains individuals who work for intelligence bureaus that carry out such attacks. The entities designated by OFAC have links to the Lazarus group, which is known for several attacks on financial institutions in recent years.

Advice for Governments and Private Entities

The problem of malicious cyber activities has been growing worldwide. Governments and private entities can do several things to protect themselves from such attacks. They must regularly update their software and security patches to protect against known vulnerabilities. They must also ensure strong passwords, limit the use of administrative privileges, conduct regular security awareness training, and implement two-factor authentication for all online transactions. As we have seen with North Korea, the cyber threat landscape is continuously evolving, and entities must remain vigilant to prevent and mitigate cyber attacks.

Editorial

The growing incidence of cyber threats worldwide is becoming a significant concern for various governments and private entities. This is especially true with North Korea, whose cyber and IT worker operations have become a primary source of income to support its unlawful weapons program. The Treasury Department’s latest sanctions are a move in the right direction to curb North Korea’s malicious activities. Nevertheless, there is a need for governments and private entities to collaborate and share intelligence to counter this growing problem.

The development of innovative techniques and the expansion of targets by cyber adversaries are a constant reminder of the need for cyber vigilance. Private entities and governments must strengthen their cybersecurity posture to prevent, detect and contain cyber attacks effectively. To achieve this, they must adopt measures that ensure secured systems and networks, regular security training for employees, and invest in updating software and security patches. Such measures, coupled with robust cyber defense strategies, can help mitigate the potential damage caused by cyber attacks.