The South Korean government has announced sanctions against 15 individuals and one entity from North Korea linked to illicit cyber activities, including crypto thefts.
Link to Bureau 313
Bureau 313, part of the Workers' Party of Korea's Machine-Building Industry Department, is at the center of these sanctions. Under UN sanctions since 2016, this department plays a critical role in North Korea's weapons production, including ballistic missiles. The sanctioned individuals operate under Bureau 313, using their skills to conduct sophisticated cyber heists and support the regime's goals.
Global Influence of North Korean Cyber Operatives
North Korean IT personnel have been infiltrating companies worldwide under false identities. According to South Korea’s Ministry of Foreign Affairs, these operatives work in regions like China, Russia, Southeast Asia, and Africa. Posing as legitimate employees, they secure contracts, steal sensitive information, and execute cyberattacks. One sanctioned individual, Kim Cheol-min, reportedly infiltrated IT firms in the U.S. and Canada, funneling significant sums to Pyongyang.
Broader Crackdown on DPRK's Cyber Networks
South Korea's actions are part of a series of sanctions from the U.S. Treasury Department, which recently targeted two individuals and one entity for laundering digital assets for North Korea via a front company in the UAE. These measures aim to disrupt the increasingly sophisticated and lucrative cyber operations by the DPRK. According to blockchain analytics firm Chainalysis, North Korean hackers stole $1.34 billion in digital assets across 47 incidents, representing 61% of the total stolen globally last year.
South Korea’s sanctions underscore the severe threat posed by North Korean cyber operatives and the scale of their operations. These actions aim to deter the use of cyberattacks to finance Pyongyang’s regime.
