US Treasury Dept. Sanctions Crypto Criminals Tied to North Korea

Three individuals linked to North Korea got slapped with sanctions on Monday, according to a statement from the US Treasury Department.

The US government has imposed sanctions on three people it claims supported the Democratic People’s Republic of Korea (DPRK) through illicit financing and malicious cyber activity. Washington made the move in coordination with the Republic of Korea.

Illegal Networks

According to a statement from the US Treasury Department, “The DPRK’s use of illicit facilitation networks to access the international financial system and generate revenue using virtual currency for the regime’s unlawful weapons of mass destruction (WMD) and ballistic missile programs directly threatens international security.” That’s per Under Secretary of the Treasury for Terrorism and Financial Intelligence Brian E. Nelson. 

The announcement continues:

“The United States and our partners are committed to safeguarding the international financial system and preventing its use in the DPRK’s destabilizing activities, especially in light of the DPRK’s three launches of intercontinental ballistic missiles (ICBMs) this year alone.”

The North Korean government uses funds obtained by the Lazarus Group to fund its illegal nuclear program. The regime has repeatedly threatened Japan and other neighbors with nuclear weapons.

North Korea Uses Crypto to Fund Its Weapons Program

The US Government has named Wu Huihui and Cheng Hung Man for providing material support to the Lazarus Group. The bad actors allegedly report to the Reconnaissance General Bureau (RGB), the DPRK’s primary intelligence arm.

However, Treasury targeted the third individual, Sim Hyon Sop, for acting for or on behalf of the Korea Kwangson Banking Corp (KKBC). The three individuals involved are Chinese nationals.

Lazarus engages in cyber espionage, data theft, monetary heists, destructive malware operations, and arms trades. In March 2022, its agents reportedly stole almost $620 million in virtual currency. The heist was the largest theft of virtual funds to date.

Since 2017, the DPRK has committed virtual currency thefts to fund its illegal missile and weapons programs. In 2022, DPRK cyber actors stole an estimated $1.7 billion in virtual currency. The DPRK uses a network of OTC traders to launder stolen virtual currency into fiat currency and avoid detection.

DPRK actors often utilize networks of OTC traders to conduct transactions on their behalf. The country has previously used China-based traders to evade detection by financial institutions.

The Lazarus Group first came to public attention in 2009. It carried out “Operation Troy” from 2009 to 2012. Hackers targeted the South Korean government using distributed denial-of-service attacks (DDoS).

The group has since expanded its activities. Enabling the North Korean regime to access billions in funds via illegal methods.

North Korea is currently the fourth most sanctioned state, behind Russia, Iran, and Syria.