US, South Korea issue fresh North Korea sanctions on ‘illicit’ IT workforce

WASHINGTON - The United States and South Korea on Tuesday announced new North Korea sanctions related to thousands of information technology (IT) workers, many operating in China and Russia, whose labour allegedly helps fund weapons of mass destruction and missile programmes, they said.

One individual, Mr Kim Sang Man, and the North Korea-based Chinyong Information Technology Cooperation Company were sanctioned jointly by the US and South Korea in relation to their IT worker activities, the US Treasury Department said.

South Korea’s Foreign Ministry separately announced new sanctions on seven individuals and three entities, including Mr Kim and the IT company, Chinyong.

North Korea oversees thousands of IT workers around the world, primarily located in China and Russia, the Treasury Department said. These workers “generate revenue that contributes to its unlawful WMD and ballistic missile programmes”.

The workers hide their identities, locations and nationalities, and use forged documentation to apply for jobs, it said.

They have secretly worked in a variety of positions and industries, including the fields of “business, health and fitness, social networking, sports, entertainment, and lifestyle”, the Treasury Department added.

In the past, the US State Department has warned that hiring North Korean IT workers could also lead to incidents of intellectual property theft.

Three other groups – the 110th Research Centre, the Pyongyang University of Automation and the Technical Reconnaissance Bureau – had been previously sanctioned by South Korea for engaging in cyber operations and illicit revenue generation that support North Korea’s weapons of mass destruction programmes, the Treasury Department said.

Mr Brian Nelson, Under Secretary for Terrorism and Financial Intelligence, said in a statement: “Today’s action continues to highlight (North Korea’s) extensive illicit cyber and IT worker operations, which finance the regime’s unlawful weapons of mass destruction and ballistic missile programmes.”

South Korea’s Foreign Ministry said the latest announcement demonstrates joint efforts with the US to block North Korea’s malicious revenue generation through illicit cyber activities.

In its announcement, the Treasury Department noted that the Technical Reconnaissance Bureau currently leads North Korea’s offensive cyber efforts and oversees staff affiliated with the infamous Lazarus hacking group.

Lazarus has been accused of carrying out some of the largest virtual currency heists to date. In March 2022, for example, the group allegedly stole about US$620 million (S$835 million) in virtual currency from a blockchain project linked to the online game Axie Infinity. REUTERS