Australia and US impose sanctions on North Korean cyber ops

Australia has imposed financial sanctions and travel bans on four entities and one individual linked to North Korea's cryptocurrency theft operations, foreign minister Penny Wong announced today.

The entities include the notorious Lazarus Group hackers, which have been active for around a decade-and-a-half, said to be responsible for the 2014 attack on Sony Pictures, and the WannaCry ransomware campaign of 2017.

Australia also sanctioned a computer programmer allegedly associated with Lazarus, Park Jin Hyok.

Hyok is sought for alleged involvement in the Sony Pictures, WannaCry and Bangladesh Bank attacks, and is thought to be in North Korea.

The United States first sanctioned Hyok in 2018, and Australia has now hit the government front company he is said to work for, Chosun Expo.

A sub-group of Lazarus, Andariel (Advanced Persistent Threat 45) that targets defence, aerospace, nuclear and engineering organisations around the globe to spy on them, has also been sanctioned by Australia.

Another espionage-focused entity, Kimsuky, which has gone after South Korean government agencies, thinktanks and foreign policy analysts for intelligence gathering, is also now sanctioned by Australia.

Meanwhile, the US Treasury's Office of Foreign Assets Control (OFAC) has also gone after North Korean hackers and entities.

OFAC said North Korea "relies on a broad range of illicit activity, including cybercrime, to generate revenue for its weapons of mass destruction and ballistic missile programs".

Hackers attempting to steal cryptocurrency by using malware and social engineering are tasked with the revenue gathering, along with under cover North Korean IT workers who seek employment with Western companies.

The cybercriminals are said to have reaped US$3 billion ($4.6 billion), mostly in cryptocurrency, through their activites, OFAC said, with the agency taking a follow-the-money approach with the current wave of sanctions.

Now, OFAC said it has sanctioned two North Korean bankers, Jang Kuk Chol and Ho Jong Son, for managing millions in funds linked to a ransomware operator, at the also-designated First Credit Bank.

The Korea Mangyongdae Computer Technology Company (KMCTC) which operates IT worker delegations from Chinese cities Shenyang and Dandong, has been sanctioned by OFAC.

Ryojung Credit Bank is on OFAC's designated entities list for money laundering and handling financial transactions for North Korean IT workers.

Five representatives of North Korean financial institutions, said to be based in China or Russia, have also been sanctioned by OFAC.

Australia and 10 Western allies released a report in October this year, by the Multilateral Sanctions Monitoring Team (MSMT) that outlines North Korea's violations and evasions of United Nations Security Council resolutions, through cyber operations and IT workers.