Briane nelson
Under Secretary of the Treasury for Terrorism and Financial Intelligence Brian E. Nelson | U.S. Department of the Treasury

Nelson: Sanctions 'highlight the DPRK’s extensive illicit cyber and IT worker operations'

Four entities and one individual have received sanctions for conducting illegal cybercrimes to help fund the North Korean government.

The Department of the Treasury’s Office of Foreign Assets Control recently announced designations for four entities and one individual involved in illicit financial cybercrimes which helps generate revenue for the Democratic People’s Republic of Korea government and its weapons of mass destruction and ballistic missile programs, according to a May 23 news release.

“Today’s action continues to highlight the DPRK’s extensive illicit cyber and IT worker operations, which finance the regime’s unlawful weapons of mass destruction and ballistic missile programs,” Under Secretary of the Treasury for Terrorism and Financial Intelligence Brian E. Nelson said in the release. “The United States and our partners remain committed to combating the DPRK’s illicit revenue generation activities and continued efforts to steal money from financial institutions, virtual currency exchanges, companies and private individuals around the world.”

Included in the sanctions are the Pyongyang University of Automation; the Technical Reconnaissance Bureau and its subordinate cyber unit, the 110th Research Center; the Chinyong Information Technology Cooperation Company; and a Chinyong representative Kim Sang Man, the release reported.

The DPRK reportedly trains and deploys agents to obtain employment around the world and conduct malicious cybercrimes and steal virtual currency in order to generate revenue to support the Kim regime and its agendas including its WMD program, according to the release. The Pyongyang University of Automation is responsible for training many of these workers who often go on to work for Pyongyang's Reconnaissance General Bureau, an entity that was designated by the OFAC in 2015. 

Under the RGB, the Technical Reconnaissance Bureau and the 110th Research Center lead the country's offensive cyber tactics and tools program, the release reported. The entities have been linked to cybercrimes against the U.S. and the Republic of Korea.

The DPRK also deploys agents to fraudulently seek employment in technology and virtual currency companies around the world to generate funds which is sent back to the regime, the release said. These workers typically use false identities and forged documents to obtain jobs in companies around the world. The Chinyong Information Technology Cooperation Company, also known as Jinyong IT Cooperation Company, reportedly deploys these DPRK IT workers to operate in Russia and Laos. 

Kim reportedly operates an office in Vladivostok, Russia, and is allegedly involved in sending the salaries of these DPRK IT workers to their family members, according to the release. Kim is also suspected of being involved in obtaining IT equipment for the DPRK.

By jointly designating the person and one of the businesses listed below, the organizations are demonstrating a continuous coordination with Republic of Korea colleagues who are implementing sanctions action against abroad DPRK IT workers, the release reported. In addition, the Republic of Korea imposed sanctions on the other three entities Feb. 10, for engaging in cyber activities and illegal income creation that support the DPRK's weapons of mass destruction programs.

A United Nations Panel of Experts study dated March 2023 claims DPRK cyber criminals stole more virtual money in 2022 than in any other year, with estimates ranging from $630 million to more than $1 billion, according to the release. This theft is also said to have doubled Pyongyang's overall revenues from cybercrime in 2021.