US, South Korea Issue Fresh North Korea Sanctions on ‘Illicit’ IT Workforce

The United States and South Korea on Tuesday announced new North Korea sanctions related to thousands of IT workers, many operating in China and Russia, whose labors allegedly help fund weapons of mass destruction and missile programs, they said. One individual, Kim Sang Man, and the North Korea-based Chinyong Information Technology Cooperation Company were sanctioned jointly by the United States and South Korea in relation to their IT worker activities, U.S. Treasury Department said. South Korea’s foreign ministry separately announced new sanctions on seven individuals and three entities, including Kim and the IT company, Chinyong. North Korea oversees thousands of IT workers around the world, primarily located in China and Russia, Treasury said. These workers “generate revenue that contributes to its unlawful WMD and ballistic missile programs.” The workers hide their identities, locations, and nationalities and use forged documentation to apply for jobs, it said. They have secretly worked in a variety of positions and industries, including the fields of “business, health and fitness, social networking, sports, entertainment, and lifestyle,” the Treasury Department said. In the past, the U.S. State Department has warned that hiring North Korean IT workers could also lead to incidents of intellectual property theft. Three other groups—the 110th Research Center, Pyongyang University of Automation, and Technical Reconnaissance Bureau – had been previously sanctioned by South Korea for engaging in cyber operations and illicit revenue generation that support North Korea’s weapons of mass destruction programs, Treasury said. “Today’s action continues to highlight (North Korea’s) extensive illicit cyber and IT worker operations, which finance the regime’s unlawful weapons of mass destruction and ballistic missile programs,” Brian Nelson, Under Secretary of the Treasury for Terrorism and Financial Intelligence, said in a statement. South Korea’s foreign ministry said the latest announcement demonstrates joint efforts with the United States to block North Korea’s malicious revenue generation through illicit cyber activities. In its announcement, the Treasury Department noted that the Technical Reconnaissance Bureau currently leads North Korea’s offensive cyber efforts and oversees staff affiliated with the infamous Lazarus hacking group. Lazarus has been accused of carrying out some of the largest virtual currency heists to date. In March 2022, for example, they allegedly stole about $620 million in virtual currency from a blockchain project linked to the online game Axie Infinity. By Christopher Bing and Doina Chiacu

US, South Korea Issue Fresh North Korea Sanctions on ‘Illicit’ IT Workforce

The United States and South Korea on Tuesday announced new North Korea sanctions related to thousands of IT workers, many operating in China and Russia, whose labors allegedly help fund weapons of mass destruction and missile programs, they said.

One individual, Kim Sang Man, and the North Korea-based Chinyong Information Technology Cooperation Company were sanctioned jointly by the United States and South Korea in relation to their IT worker activities, U.S. Treasury Department said.

South Korea’s foreign ministry separately announced new sanctions on seven individuals and three entities, including Kim and the IT company, Chinyong.

North Korea oversees thousands of IT workers around the world, primarily located in China and Russia, Treasury said. These workers “generate revenue that contributes to its unlawful WMD and ballistic missile programs.”

The workers hide their identities, locations, and nationalities and use forged documentation to apply for jobs, it said. They have secretly worked in a variety of positions and industries, including the fields of “business, health and fitness, social networking, sports, entertainment, and lifestyle,” the Treasury Department said.

In the past, the U.S. State Department has warned that hiring North Korean IT workers could also lead to incidents of intellectual property theft.

Three other groups—the 110th Research Center, Pyongyang University of Automation, and Technical Reconnaissance Bureau – had been previously sanctioned by South Korea for engaging in cyber operations and illicit revenue generation that support North Korea’s weapons of mass destruction programs, Treasury said.

“Today’s action continues to highlight (North Korea’s) extensive illicit cyber and IT worker operations, which finance the regime’s unlawful weapons of mass destruction and ballistic missile programs,” Brian Nelson, Under Secretary of the Treasury for Terrorism and Financial Intelligence, said in a statement.

South Korea’s foreign ministry said the latest announcement demonstrates joint efforts with the United States to block North Korea’s malicious revenue generation through illicit cyber activities.

In its announcement, the Treasury Department noted that the Technical Reconnaissance Bureau currently leads North Korea’s offensive cyber efforts and oversees staff affiliated with the infamous Lazarus hacking group.

Lazarus has been accused of carrying out some of the largest virtual currency heists to date. In March 2022, for example, they allegedly stole about $620 million in virtual currency from a blockchain project linked to the online game Axie Infinity.

By Christopher Bing and Doina Chiacu