South Korea takes action against North Korean cybercriminals

South Korea has stepped up efforts to curb illegal cyber operations by its northern neighbor, the Democratic People’s Republic of Korea (DPRK), which have risen to alarming levels.

These activities, which include cryptocurrency theft and IT-related foreign currency generation, are said to be funding Pyongyang’s nuclear and missile programs.

Crypto Crimes Funding Military Developments

In a press statement released on Christmas Day, the South Korean government announced that it had designated 15 North Korean IT employees and one organization under separate sanctions.

The individuals allegedly belong to the 313 General Office, an entity linked to the DPRK’s Ministry of Munitions Industry, which oversees the country’s weapons development programs.

Among them, Kim-Cheol-Min is accused of working secretly for technology companies in the United States and Canada, funneling large sums of money to the North Korean regime. Another individual, Kim Ryu-Sung, previously faced indictment in the US for violating sanctions.

The measures will also target economic information technology exchange company Chosun Geumjeong, which is said to be sending IT workers abroad to help generate foreign currency for North Korea. The money is used to finance military developments in the pariah nation.

Once the sanctions take effect on December 30, 2024, South Korean law requires that any financial transactions with the affected individuals and entities must receive approval from the Financial Services Commission or the Governor of the Bank of korea

Growing threat from North Korea

The restrictions against alleged DPRK operatives come even as a recent Chainalysis report revealed that North Korean actors were responsible for 61% of the $2.2 billion stolen in 2024 in crypto theft worldwide. Hackers used sophisticated tactics such as malware deployment and social engineering that allowed them to target major digital asset companies.

In one case, decentralized finance (DeFi) platform Radiant Capital suffered a $50 million hack attributed to North Koreans. The attackers orchestrated the breach using malware distributed through Telegram, exploiting weaknesses in the platform’s security.

In addition, the notorious hacking outfit, the Lazarus Group, has been linked to another $50 million heist, this time on crypto exchange Upbit. South Korean authorities, working with the FBI and Swiss prosecutors, confirmed the group’s involvement and shed light on its ties to the DPRK’s top intelligence agency, the Bureau General Recognition.

Kaspersky Labs security analyst Vasily Berdnikov also connected the syndicate to an elaborate hacking plot that involved cloning a popular blockchain game and embedding malicious code into its website, allowing it to install malware on the systems of anyone who played the game.

Meanwhile, US authorities have been addressing related issues. On December 17, the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned two individuals and an entity for allegedly laundering millions of dollars in crypto for the Kim Jong Un administration.

SPECIAL OFFER (Sponsored) Binance Free $600 (Exclusive to CryptoPotato): Use this link to register a new account and receive an exclusive welcome offer of $600 to Binance (full details).

LIMITED OFFER for CryptoPotato readers on Bybit – Use this link to register and open a FREE $500 position with any currency!