South Korea has announced sanctions against 15 North Korean individuals and one entity involved in cybercrimes, including large-scale cryptocurrency thefts.
The move comes amid growing concerns about North Korea’s use of cyber operations to fund its weapons programs and evade international sanctions.
South Korea imposes sanctions on North Korean hackers, IT operators
South Korea’s Ministry of Foreign Affairs revealed in a statement released on December 26 that the sanctioned individuals are linked to Office 313, an organization under the Machine Building Industry Department of the Workers’ Party of Korea.
This office, which has been under United Nations Security Council sanctions since 2016, plays an important role in overseeing North Korea’s weapons production, including its ballistic missile program.
According to the ministry, these agents are often sent to countries and regions such as China, Russia, Southeast Asia and Africa, where they operate under disguised identities to gain employment in IT companies.
Many of these people infiltrate IT networks, manipulate company operations, and in some cases carry out cryptocurrency thefts. One of those individuals, Kim Cheol-min, allegedly infiltrated IT companies in the United States and Canada, transferring large sums of foreign currency to North Korea.
The sanctioned entity is also known to send North Korean IT personnel abroad to obtain illicit funds for Pyongyang’s regime and military operations.
Crypto theft and cyber activities intensify
The reasons behind the sanctions on these North Korean perpetrators are evident. Recent reports from blockchain analysis firm Chainalysis reveal that North Korean hackers stole approximately $1.34 billion in cryptocurrency in 47 incidents last year.
This significant figure represents 61% of total cryptocurrency theft globally in 2023, marking a sharp increase in both frequency and scale.
According to the report, these attacks are often meticulously planned, and agents use advanced tactics, techniques and procedures (TTPs) to breach corporate networks and extract valuable digital assets.
The Chainalysis report also points out a worrying trend: many of these thefts are facilitated by North Korean IT workers embedded in global tech companies, including cryptocurrency and Web3 companies.
These agents often use false identities, third-party intermediaries, and remote work opportunities to gain unauthorized access to sensitive systems.
Once inside, they manipulate networks, compromise security protocols, and extract funds in the form of cryptocurrency, which is then laundered through complex blockchain transactions to evade detection.
While the sanctions represent a significant step, North Korea’s cyber capabilities will likely remain a persistent threat without coordinated global oversight and advanced cybersecurity measures. The South Korean government wrote:
Our government will continue to work with the international community to block North Korea’s illegal cyber activities with a high level of alert. This independent sanction is scheduled to come into force from 00:00 on Monday, December 30 through publication in the Official Gazette. Financial and foreign exchange transactions for the designated purposes of this independent sanction require prior approval from the Financial Services Commission or the Governor of the Bank of Korea.