US govt sanctions North Korea’s Kimsuky hacking group

November 30, 2023 at 05:18PM

OFAC sanctioned the Kimsuky hacking group and eight North Korean agents for espionage and aiding DPRK’s WMD programs, responding to DPRK’s satellite launch. Kimsuky has expanded from South Korea to global targets, engaging in cyberattacks to support DPRK’s nuclear ambitions. Previous sanctions targeted DPRK groups for cyber theft funding the government.

Key Takeaways:

1. The Office of Foreign Assets Control (OFAC) has imposed sanctions on the Kimsuky hacking group, supported by North Korea, for stealing intelligence to help the country’s strategic goals.

2. OFAC has sanctioned eight North Korean individuals for aiding in sanction evasion and supporting North Korea’s weapons of mass destruction (WMD) programs.

3. The actions are in response to North Korea’s alleged launch of a military reconnaissance satellite on November 21, seen as an effort to further the country’s WMD capabilities.

4. Kimsuky operates under the Reconnaissance General Bureau (RGB), North Korea’s primary foreign intelligence service, and is recognized in the cybersecurity industry by various names, including APT43, Emerald Sleet, Velvet Chollima, TA406, and Black Banshee.

5. Originally focusing on South Korean targets, Kimsuky expanded its activities to include entities in the United States, Russia, Europe, and the United Nations.

6. Kimsuky mainly aims to collect intelligence related to foreign policy and security regarding the Korean peninsula and nuclear policy.

7. Notable cyberattacks conducted by Kimsuky include the compromise of South Korea’s nuclear reactor operator, operations against academic institutions, and spear-phishing attacks against United Nations officials.

8. The US Treasury previously sanctioned other North Korean hacking groups—Lazarus, Bluenoroff, and Andariel—in September 2019 for cyber thefts financing the North Korean government.

9. In May, sanctions were announced against four North Korean entities engaged in illegal IT worker schemes and cyberattacks.

10. A UN report indicates North Korean state hackers may have stolen between $630 million and over $1 billion in cryptocurrency in 2022, about double the illicit earnings from cyber theft in the previous year.
