Treasury sanctions cyber actors tied to North Korea

The Treasury Department imposed sanctions Tuesday against cyber actors, including four entities and one person, for hiding illicit funds and engaging in malicious cyber activity that supports the North Korean regime.

The agency said the North Korean government, known as the Democratic People’s Republic of Korea (DPRK), often employs cyber and IT workers to steal funds, including digital currency, to support the country’s leader, Kim Jong Un.

“Today’s action continues to highlight the DPRK’s extensive illicit cyber and IT worker operations, which finance the regime’s unlawful weapons of mass destruction and ballistic missile programs,” said Brian E. Nelson, under secretary for the Treasury’s Office of Terrorism and Financial Intelligence, in a statement.

“The United States and our partners remain committed to combating the DPRK’s illicit revenue generation activities and continued efforts to steal money from financial institutions, virtual currency exchanges, companies, and private individuals around the world,” he added.

One of the entities sanctioned is Pyongyang University of Automation, which the Treasury described as one of North Korea’s “premier cyber instruction institutions” and said has been training cyber criminals who go on to work in cyber units tied to the Reconnaissance General Bureau (RGB) — the country’s primary intelligence agency.

The Treasury also cited a recent United Nations report that found North Korean state-sponsored cyber actors stole more digital currency in 2022 than in previous years, with estimates ranging from $630 million to more than $1 billion.

Last year, the FBI confirmed a North Korean cyber group known as the Lazarus Group was responsible for stealing about $620 million in cryptocurrency from the virtual game Axie Infinity. The Treasury Department sanctioned the group, along with two of its subsidiaries, in 2019 for targeting critical infrastructure.

U.S. officials have been raising the alarm about North Korea’s increasing participation in crypto heists to fund its nuclear weapon and ballistic missile programs.

Last year, Anne Neuberger, the Biden administration’s deputy national security adviser for cyber and emerging technology, said she was “very concerned about North Korea’s cyber capabilities,” adding that the country uses “cyber to gain up to a third of [stolen crypto] funds to fund their missile program.”

“That’s a major issue, whether it’s attacks against cryptocurrency exchanges or use of information technology workers in various countries,” Neuberger added.