North Korea's Illicit IT Army

The United States Treasury Department’s Office of Foreign Assets Control (OFAC) has announced sanctions against four entities and one individual for their involvement in illicit IT army schemes and cyberattacks, through which they generated revenue to finance North Korea’s weapons development programs.

The Exploitation of IT Workers

North Korea relies heavily on a massive “army” of IT workers who conceal their identities to secure employment with companies overseas. According to OFAC, these IT workers employ deceptive tactics, including stolen identities, fake personas, and forged documentation, to deceive targeted companies.

Financing the Pyongyang Regime

While located in China and Russia, these workers funnel the generated revenue to fund North Korea’s weapons programs. It is not uncommon for fraudulently employed North Korean IT workers to accumulate salaries exceeding $300,000 each year while intentionally concealing their true identities, whereabouts, and nationality.

US Secretary of State’s Statement on Illicit IT Army

Secretary of State Antony J. Blinken has acknowledged that the DPRK conducts malicious cyber activities and deploys IT workers abroad to fraudulently obtain employment. He highlights the threat these operations pose to international security, including the financing of unlawful weapons of mass destruction and ballistic missile programs.

Entities Sanctioned

The list of entities from the Democratic People’s Republic of Korea (DPRK) sanctioned by the OFAC includes:

  • Pyongyang University of Automation: Responsible for training “malicious cyber actors” linked to the Reconnaissance General Bureau (RGB), North Korea’s main intelligence bureau.
  • The RGB’s Technical Reconnaissance Bureau and the 110th Research Center cyber unit: Involved in developing malicious tools and coordinating cyberattacks targeting organizations in the United States and the Republic of Korea.
  • Chinyong Information Technology Cooperation Company (aka Jinyong IT Cooperation Company): Linked to the North Korean Ministry of People’s Armed Forces, coordinating IT workers operating from Russia and Laos to generate revenue for the regime.
  • North Korean national Kim Sang Man: Involved in the payment of salaries to family members of Chinyong’s overseas IT worker delegations.

Previous Sanctions and Ongoing Threat

The U.S. has previously imposed sanctions on various North Korean hacking groups and entities involved in cyber activities. A recent confidential report by a panel of United Nations experts highlights a surge in cryptocurrency theft by North Korean threat actors, underscoring the urgent need to address the ongoing cyber threat posed by the DPRK.

Recap – Illicit IT Army

The imposition of sanctions against these entities demonstrates a commitment to curbing North Korea’s illicit cyber activities and preventing the financing of unlawful weapons programs. The United States remains dedicated to protecting global security and thwarting cybercrime’s impact on international stability.