US sanctions entities aiding North Korean malicious cyber activities
Their activities ‘finance the regime’s unlawful weapons of mass destruction and ballistic missile programs,’ Under Secretary of the Treasury for Terrorism and Financial Intelligence Brian E. Nelson stated.
The US Department of the Treasury’s Office of Foreign Assets Control (OFAC) has issued sanctions against four entities and one individual for alleged involvement in ‘obfuscated revenue generation and malicious cyber activities that support the Democratic People’s Republic of Korea (DPRK) Government.’
It is alleged that DPRK is involved in malicious cyber activities, planting IT workers in targeted companies and using cyberattacks to generate revenue to fund North Korea’s weapons development programs.
The entities and people sanctioned were:
- Pyongyang University of Automation for training malicious cyber actors, many of whom work for North Korea’s main intelligence bureau, the Reconnaissance General Bureau (RGB), which is believed to be responsible for coordinating the cyberattacks.
- RGB’s Technical Reconnaissance Bureau and the 110th Research Center cyber unit for their involvement in developing malicious tools in close coordination with departments having links with North Korean cyber threat actors, such as the Lazarus Group.
- Chinyong Information Technology Cooperation Company (also known as Jinyong IT Cooperation Company) for having links with the North Korean Ministry of Peoples’ Armed Forces and coordinating the IT workers operating from Russia and Laos.
- North Korean national Kim Sang Man for allegedly paying salaries to families of Chinyong’s overseas IT workers.