US Sanctions North Korean Entities for Sending Regime Funds
1 Worker Also Sanctioned for Transferring IT Earnings to North Korean Government
The U.S. government sanctioned four entities and one individual involved in helping to funnel payments from malicious activities to support the Democratic People's Republic of Korea government's illicit activities such as unlawful weapons of mass destruction and ballistic missile programs.
The Department of the Treasury sanctioned Pyongyang University of Automation, the Technical Reconnaissance Bureau and its subordinate cyber unit, the 110th Research Center, for playing a key role in conducting malicious cyber activities and deploying IT workers who fraudulently obtained jobs to generate revenue, including virtual currency, to support the Kim regime and its priorities.
The U.S. government alleges North Korean IT workers can earn more than $300,000 per year under the program.
"They deliberately obfuscate their identities, locations and nationalities, typically using fake personas, proxy accounts, stolen identities and falsified or forged documentation to apply for jobs at these companies," Treasury's Office of Foreign Assets Control said.
The department alleges that North Korea generates revenue through the deployment of IT workers who fraudulently obtain employment with companies around the world, maintaining a workforce of thousands of highly skilled IT workers, mostly located in the People's Republic of China and Russia.
It alleges that workers target employers using a variety of mainstream and industry-specific freelance contracting, payment and social media and networking platforms.
The Treasury Department also sanctioned the Chinyong Information Technology Cooperation company office in Vladivostok, Russia. The DPRK-based company employs delegations of North Korean IT workers that operate in Russia and Laos, the department said.
Treasury sanctioned one employee, Kim Sang Man, who it alleges was responsible for transferring IT earnings to the North Korean government and is involved in the payment of salaries to family members of Chinyong's overseas DPRK worker delegations.
The Treasury Department coordinated the latest sanctions with the Republic of Korea, which imposed sanctions against one entity and one individual associated with overseas DPRK IT workers.
"DPRK malicious actors stole more virtual currency in 2022 than in any previous year, with estimates ranging from $630 million to over $1 billion, reportedly doubling Pyongyang's total cyber theft proceeds in 2021," according to a March 2023 UN Panel of Experts report.
Treasury Undersecretary for Terrorism and Financial Intelligence Brian Nelson said the action highlights North Korea's extensive illicit cyber and IT worker operations, which finance the regime's unlawful weapons of mass destruction and ballistic missile programs.
This development follows a similar action taken by South Korea, which sanctioned four North Korean individuals and seven organizations for similar charges in February (see: South Korea Sanctions Pyongyang Hackers).
One of the sanctioned entities, Pyongyang University of Automation, is North Korea's premier cyber instruction institution. The university provides training on malicious cyber activities and offers a platform to work at the Reconnaissance General Bureau, the regime's primary intelligence bureau and the main entity responsible for its malicious cyber activities.
The North Korea-based Technical Reconnaissance Bureau, which was also sanctioned, heads the country's development of offensive cyber tactics and tools and operates several departments, including those affiliated with the Lazarus Group. The group recently carried out the largest virtual currency heist to date, stealing about $620 million in virtual currency from a blockchain project linked to the online game Axie Infinity in March 2022 (see: Update: Crypto Hackers Exploit Ronin Network for $615 Million).