North Korean hackers

The Treasury Department's Office of Foreign Assets Control (OFAC) has sanctioned the North Korean-backed Kimsuky hacking group for stealing intelligence in support of the country's strategic goals.

OFAC has also sanctioned eight North Korean agents for facilitating sanctions evasion and supporting their country's weapons of mass destruction (WMD) programs.

Today's measures come as a direct response to the Democratic People's Republic of Korea's (DPRK) alleged launch of a military reconnaissance satellite on November 21 to impede DPRK's capacity to generate income, acquire resources, and gather intelligence supporting the advancement of its WMD program.

"Active since 2012, Kimsuky is subordinate to the UN- and U.S. designated Reconnaissance General Bureau (RGB), the DPRK's primary foreign intelligence service," the Department of Treasury said today.

"Malicious cyber activity associated with the Kimsuky advanced persistent threat is also known in the cybersecurity industry as APT43, Emerald Sleet, Velvet Chollima, TA406, and Black Banshee."

In August 2010, OFAC linked Kimsuky to North Korea's Reconnaissance General Bureau, the country's main foreign intelligence service.

While initially targeting South Korean government entities, think tanks, and individuals deemed experts across diverse fields, the group slowly broadened its scope, extending operations to encompass targets linked to the United States, Russia, Europe, and the United Nations.

Kimsuky's primary focus revolves around harvesting intelligence, centering on foreign policy and national security concerns about the Korean peninsula and nuclear policy.

Cyberattacks against high-profile targets

High-profile attacks attributed to this DPRK cyberespionage group include the compromise of South Korea's nuclear reactor operator Korea in 2014, Operation STOLEN PENCIL against academic institutions in 2018, Operation Kabar Cobra against South Korean government organizations and defense-related agencies in 2019, and Operation Smoke Screen the same year.

Kimsuky also targeted at least 28 United Nations officials and almost a dozen UN Security Council officials in spear-phishing attacks in August 2020 and infiltrated South Korea's Atomic Energy Research Institute in June 2021.

The US Treasury Department sanctioned the North Korean hacking groups Lazarus, Bluenoroff, and Andariel in September 2019 for funneling financial assets stolen in cyberattacks against victims worldwide to the country's government.

OFAC also announced sanctions in May against four North Korean entities involved in illicit IT worker schemes and cyberattacks designed to generate revenue to finance DPRK's WMD programs.

According to a recent United Nations confidential report, North Korean state hackers were linked to record-breaking levels of cryptocurrency theft last year, stealing between $630 million to over $1 billion in 2022 alone and effectively doubling Pyongyang's illicit gains from cyber theft from one year before.

Related Articles:

US govt sanctions Iranians linked to government cyberattacks

Hackers hijack antivirus updates to drop GuptiMiner malware

US sanctions crypto exchanges used by Russian darknet market, banks

US sanctions APT31 hackers behind critical infrastructure attacks

ScreenConnect flaws exploited to drop new ToddlerShark malware