The Treasury Division’s Workplace of International Property Management (OFAC) has sanctioned the North Korean-backed Kimsuky hacking group for stealing intelligence in help of the nation’s strategic objectives.
OFAC has additionally sanctioned eight North Korean brokers for facilitating sanctions evasion and supporting their nation’s weapons of mass destruction (WMD) applications.
As we speak’s measures come as a direct response to the Democratic Folks’s Republic of Korea’s (DPRK) alleged launch of a army reconnaissance satellite tv for pc on November 21 to impede DPRK’s capability to generate earnings, purchase sources, and collect intelligence supporting the development of its WMD program.
“Lively since 2012, Kimsuky is subordinate to the UN- and U.S. designated Reconnaissance Normal Bureau (RGB), the DPRK’s main overseas intelligence service,” the Division of Treasury stated at present.
“Malicious cyber exercise related to the Kimsuky superior persistent risk can also be recognized within the cybersecurity business as APT43, Emerald Sleet, Velvet Chollima, TA406, and Black Banshee.”
In August 2010, OFAC linked Kimsuky to North Korea’s Reconnaissance Normal Bureau, the nation’s essential overseas intelligence service.
Whereas initially focusing on South Korean authorities entities, suppose tanks, and people deemed specialists throughout numerous fields, the group slowly broadened its scope, extending operations to embody targets linked to the USA, Russia, Europe, and the United Nations.
Kimsuky’s main focus revolves round harvesting intelligence, centering on overseas coverage and nationwide safety issues in regards to the Korean peninsula and nuclear coverage.
Cyberattacks in opposition to high-profile targets
Excessive-profile assaults attributed to this DPRK cyberespionage group embody the compromise of South Korea’s nuclear reactor operator Korea in 2014, Operation STOLEN PENCIL in opposition to tutorial establishments in 2018, Operation Kabar Cobra in opposition to South Korean authorities organizations and defense-related companies in 2019, and Operation Smoke Display screen the identical yr.
Kimsuky additionally focused no less than 28 United Nations officers and nearly a dozen UN Safety Council officers in spear-phishing assaults in August 2020 and infiltrated South Korea’s Atomic Vitality Analysis Institute in June 2021.
The US Treasury Division sanctioned the North Korean hacking teams Lazarus, Bluenoroff, and Andariel in September 2019 for funneling monetary property stolen in cyberattacks in opposition to victims worldwide to the nation’s authorities.
OFAC additionally introduced sanctions in Could in opposition to 4 North Korean entities concerned in illicit IT employee schemes and cyberattacks designed to generate income to finance DPRK’s WMD applications.
In response to a latest United Nations confidential report, North Korean state hackers had been linked to record-breaking ranges of cryptocurrency theft final yr, stealing between $630 million to over $1 billion in 2022 alone and successfully doubling Pyongyang’s illicit good points from cyber theft from one yr earlier than.
