The US Department of the Treasury’s Office of Foreign Assets Control (OFAC) on Thursday sanctioned the North Korea-linked adversarial collective known as Kimsuky as well as eight foreign agents accused of facilitating sanctions evasion.
The agents, the Treasury SAYShelped to “obtain missile-related revenue and technology that supports the DPRK’s weapons of mass destruction (WMD) programs.”
The sanctions against Kimsuky for gathering intelligence to support the regime’s strategic objectives, come more than four years after OFAC imposed similar steps against the Lazarus Group and its subsidiaries Andariel and BlueNoroff in September 2019.
The actions were in response to North Korea’s launch of a military reconnaissance satellite last month, the Treasury added. They also come a day after a virtual currency mixer service called Sinbad was authorized to process stolen assets linked to hacks carried out by the Lazarus Group.
Kimsuky – also known as APT43, ARCHIPELAGO, Black Banshee, Emerald Sleet (formerly Thallium), Nickel Kimball, and Velvet Chollima – is a prolific cyber espionage crew that primarily targets governments, nuclear organizations, and foreign relations entity to collect intelligence that would help further North Korea’s interests.
“The group combines moderately sophisticated technical capabilities with aggressive social engineering tactics, particularly against South Korean and US-based government organizations, academics, and think tanks focused on issues on the geopolitical Korean peninsula,” Google-owned Mandiant said in October 2023.
Like the Lazarus Group, it is also an element within the Reconnaissance General Bureau (RGB), which is North Korea’s main foreign intelligence service responsible for intelligence gathering operations. It has been known to be active since at least 2012.
“Kimsuky uses social engineering to collect intelligence on geopolitical events, foreign policy strategies, and diplomatic efforts to affect its interests by gaining illegal access to private documents, research, and communication with their targets,” the Treasury said.
The agency also identified Kang Kyong Il, Ri Sung Il, and Kang Phyong Guk for acting as arms sales representatives; So Myong, Choe Un Hyok, and Jang Myong Chol for engaging in illicit financial transfers to purchase material for North Korea’s missile programs; and Choe Song Chol and Im Song Sun for the management of leading companies involved in generating income through the export of skilled workers.
“The geographic breakdown of North Korean threat groups targeting the cryptocurrency industry (following a multi-pronged approach), where Kimsuky FOUND targeting the cryptocurrency industry in South Korea, and Lazarus Group has a more global presence in their cryptocurrency targeting operations,” Recorded Future said in a new report published this week.