The US sanctions entities linked to North Korean hackers

The US sanctions entities linked to North Korean hackers

The US Treasury Department sanctioned four North Korean entities and one individual for their involvement in malicious cyber activities that helped to Pyongyang to raise money to support its weapons program.

The list of sanctioned entities includes Pyongyang University of Automation, described by the authorities as “one of the DPRK’s premier cyber instruction institutions,” Technical Reconnaissance Bureau, and the 110th Research Center - two other entities controlled by the Reconnaissance General Bureau (RGB), North Korea’s primary intelligence service and main entity responsible for the country’s malicious cyber activities.

Technical Reconnaissance Bureau leads the DPRK’s development of offensive cyber tactics and tools and operates several departments, including those affiliated with the Lazarus Group, one of the most well-known hacker groups linked to North Korea.

The 110th Research Center has conducted cyber operations against networks worldwide, including the campaign known as DarkSeoul, which destroyed thousands of financial sector systems and resulted in outages at the top three media companies in South Korea.

The US Treasury also sanctioned Chinyong Information Technology Cooperation Company and one of its executives, Kim Sang Man, for their involvement in North Korea’s program to have IT specialists falsify their identities to obtain employment in wealthier countries in order to fund North Korea’s weapons program.

This week, SentinelLabs detailed an ongoing cyber-espionage campaign by a North Korean APT group tracked as Kimsuky, targeting North Korea-focused information services, human rights activists, and DPRK-defector support organizations. The campaign involves a variant of the RandomQuery malware that has the single objective of file enumeration and information exfiltration.

Kimsuky distributes RandomQuery using Microsoft Compiled HTML Help (CHM) files.


Back to the list

Latest Posts

Google patches Chrome zero-day allowing sandbox escape

Google patches Chrome zero-day allowing sandbox escape

The flaw stems from insufficient validation of untrusted input in ANGLE and GPU.
16 July 2025
Ukrainian police dismantle major server network used for malware distribution

Ukrainian police dismantle major server network used for malware distribution

Authorities identified a 33-year-old French national as the organizer of the illegal operation.
16 July 2025
Russian NoName057(16) hacktivist group behind cyberattacks on European infrastructure dismantled

Russian NoName057(16) hacktivist group behind cyberattacks on European infrastructure dismantled

The operation resulted in seven international arrest warrants, including for two alleged ringleaders residing in Russia.
16 July 2025