24 May 2023

The US sanctions entities linked to North Korean hackers


The US sanctions entities linked to North Korean hackers

The US Treasury Department sanctioned four North Korean entities and one individual for their involvement in malicious cyber activities that helped to Pyongyang to raise money to support its weapons program.

The list of sanctioned entities includes Pyongyang University of Automation, described by the authorities as “one of the DPRK’s premier cyber instruction institutions,” Technical Reconnaissance Bureau, and the 110th Research Center - two other entities controlled by the Reconnaissance General Bureau (RGB), North Korea’s primary intelligence service and main entity responsible for the country’s malicious cyber activities.

Technical Reconnaissance Bureau leads the DPRK’s development of offensive cyber tactics and tools and operates several departments, including those affiliated with the Lazarus Group, one of the most well-known hacker groups linked to North Korea.

The 110th Research Center has conducted cyber operations against networks worldwide, including the campaign known as DarkSeoul, which destroyed thousands of financial sector systems and resulted in outages at the top three media companies in South Korea.

The US Treasury also sanctioned Chinyong Information Technology Cooperation Company and one of its executives, Kim Sang Man, for their involvement in North Korea’s program to have IT specialists falsify their identities to obtain employment in wealthier countries in order to fund North Korea’s weapons program.

This week, SentinelLabs detailed an ongoing cyber-espionage campaign by a North Korean APT group tracked as Kimsuky, targeting North Korea-focused information services, human rights activists, and DPRK-defector support organizations. The campaign involves a variant of the RandomQuery malware that has the single objective of file enumeration and information exfiltration.

Kimsuky distributes RandomQuery using Microsoft Compiled HTML Help (CHM) files.


Back to the list

Latest Posts

Cyber security week in review: May 26, 2023

Cyber security week in review: May 26, 2023

The world in brief: New ICS malware discovered, hacktivists expose Russian hacker wanted in the US, Pegasus spyware found in Armenia and Azerbaijan, and more.
26 May 2023
Barracuda’s email gateway appliances breached via zero-day bug

Barracuda’s email gateway appliances breached via zero-day bug

The vulnerability resided in a module which initially screens the attachments of incoming emails.
25 May 2023
Chinese hackers target critical infrastructure in the US

Chinese hackers target critical infrastructure in the US

In a separate campaign China-linked hackers spied on the Kenyan government to obtain information on debts owed to Beijing.
25 May 2023