US Sanctions North Korean Entities Training Expat IT Workers in Russia, China and Laos

Written by

Washington has sanctioned four entities and one individual involved in obfuscated revenue generation and malicious cyber activities that support the North Korean government, the US Treasury announced on May 23, 2023.

Three entities, the Pyongyang University of Automation, the Technical Reconnaissance Bureau and its subordinate cyber unit, the 110th Research Center, have been sanctioned because of their link with North Korea’s primary intelligence service, the Reconnaissance General Bureau (RGB), which US officials say is behind many of the country's cyber espionage and cyber theft activities.

“The DPRK-based Technical Reconnaissance Bureau leads the DPRK’s development of offensive cyber tactics and tools and operates several departments, including those affiliated with the Lazarus Group,” the US Treasury Department said.

The sanction issued against a fourth entity, the Chinyong Information Technology Cooperation Company – also known as Jinyong IT Cooperation Company – comes from the fact that the organization illicitly employs IT workers “who fraudulently obtain employment, [notably] in Russia and Laos, to generate revenue, including in virtual currency, to support the Kim regime and its priorities, such as its unlawful weapons of mass destruction and ballistic missile programs.”

One such representative of the Chinyong office, North Korean national Kim Sang Man, located in Vladivostok, Russia, “is presumed to be involved in the sale and transfer of IT equipment for the North Korean regime and, as recently as 2021, received cryptocurrency funds transfers from IT teams located in China and Russia that were valued at more than $2m.”

These workers typically hide their identities, locations and nationalities and use forged documentation to apply for jobs. They have secretly worked in several industries, including the fields of "business, health and fitness, social networking, sports, entertainment and lifestyle.”

Kim Sang Man was sanctioned jointly by the United States and South Korea.

What’s hot on Infosecurity Magazine?