North Korean University Sanctioned by US For Training Hackers
The US Imposes Sanctions on Four Entities and One Individual Linked to North Korean Government’s Cyber Activities
The United States government has taken action against four entities and one individual involved in cyber activities on behalf of the North Korean government. These activities include launching malicious campaigns worldwide, targeting both organizations and individuals. The primary objective of these campaigns is to generate illicit revenue, which in turn supports the priorities of the Pyongyang regime. The US Treasury’s Office of Foreign Assets Control (OFAC) has revealed that the Pyongyang University of Automation plays a significant role in training North Korean threat actors. Many of these individuals secure employment within units of the Reconnaissance General Bureau (RGB), which serves as the country’s primary intelligence bureau.
The Technical Reconnaissance Bureau, along with its cyber unit, the 110th Research Center, is under the control of the Reconnaissance General Bureau (RGB), which was designated by the US Treasury’s Office of Foreign Assets Control (OFAC) in 2015 as being subordinated to the North Korean government. This bureau plays a crucial role in driving Pyongyang’s advancement in cyber tools and tactics. It operates various departments, with some specifically affiliated with Lazarus, a threat actor group that the United States held responsible for a notable $620 million cryptocurrency heist in the previous year.
The 110th Research Center, an organization based in the US, has been attributed to a series of cyberattacks, including the significant DarkSeoul campaign. Additionally, they have been accused of engaging in the unauthorized acquisition of confidential government data from South Korea, particularly pertaining to military defense and response strategies.
Pyongyang University of Automation, Technical Reconnaissance Bureau, and the 110th Research Center are being designated pursuant to E.O. 13687 for being agencies, instrumentalities, or controlled entities of the Government of North Korea or the Workers’ Party of Korea
The United States has alleged that North Korea engages in a revenue-generating practice involving fraudulent employment of IT workers across various industries, including technology and cryptocurrency sectors, worldwide.
These workers, predominantly situated in China and Russia, employ tactics such as assuming fake identities to secure jobs in economically prosperous nations. While their primary affiliation lies with North Korean entities associated with weapons of mass destruction and ballistic missile programs, their activities are distinct from North Korea’s malicious cyber operations.
Our Readers ALSO READFeds shut down 13 further DDoS-for-Hire services.
However, there have been instances where these individuals have been observed supporting the country’s cyber program by leveraging their privileged access to virtual currency firms.
According to US authorities, the Chinyong Information Technology Cooperation Company (also known as Jinyong IT Cooperation Company), linked to the Ministry of Peoples’ Armed Forces, and North Korean national Kim Sang Man, are implicated in orchestrating such operations involving IT workers.
Pursuant to E.O. 13687 and E.O. 13810, all property and interests in property of the persons named above that are in the United States, or in the possession or control of U.S. persons, are blocked and must be reported to OFAC. In addition, any entities that are owned, directly or indirectly, 50 percent or more by one or more blocked persons are also blocked.