The US government, through the Treasury Department’s Office of Foreign Assets Control (OFAC), has imposed sanctions on the notorious North Korean state-sponsored Kimsuky hacking group. This organisation has been one of the most active threat groups from the DPRK since 2012. It is also a known affiliate of the Reconnaissance General Bureau (RGB), North Korea’s primary foreign intelligence service.
Additionally, the sanctions target not only Kimsuky but also eight North Korean agents involved in facilitating sanctions evasion and supporting the country’s weapons of mass destruction (WMD) programs.
The sanctions follow the alleged launch of a military reconnaissance satellite by the DPRK last month. In addition, experts believe that the US sanctions are a strategic move that will obstruct the DPRK’s capacity to earn income, acquire resources, and gather intelligence to advance its WMD program.
The Kimsuky threat group is one of North Korea’s leading cyberespionage groups.
Kimsuky, known in the cybersecurity industry as APT43, is notorious for its cyber espionage campaigns. The group initially targeted South Korean entities exclusively, but it has since expanded its scope to include targets in the United States, Russia, and Europe, as well as the United Nations.
The hacking group’s primary mission is to gather intelligence, primarily focusing on foreign policy and national security concerns about the Korean peninsula and nuclear policy. Over the years, Kimsuky has been involved in high-profile cyberattacks, including the compromise of South Korea’s nuclear reactor operator, Operation STOLEN PENCIL against academic institutions, Operation Kabar Cobra against South Korean government organisations, and Operation Smoke Screen.
The sanctions against Kimsuky are part of a broader effort by the US Treasury Department to impede North Korea’s cyber threats and other malicious plans. In 2019, the department sanctioned other North Korean hacking groups, including Lazarus, Bluenoroff, and Andariel. These groups were implicated in funnelling stolen financial assets from cyberattacks to the North Korean government.
Moreover, OFAC had previously announced sanctions in May against four North Korean entities involved in illegal IT worker campaigns and cyberattacks aimed at financing the DPRK’s WMD programs.
Lastly, a recent United Nations confidential report reveals that North Korean state hackers were responsible for record-breaking levels of cryptocurrency theft last year, totalling between $630 million and over $1 billion, effectively doubling Pyongyang’s illicit gains from cyber theft compared to the previous year.
However, these sanctions will remain insignificant if North Korean threat groups continue their operations, since they could still acquire ill-gotten wealth from other cyberattacks and crypto heist operations.