Kimsuky Cyber Espionage Group Sanctioned by US Treasury

The Office of Foreign Assets Control (OFAC) of the U.S. Department of the Treasury has imposed sanctions on the North Korea-supported hacking group Kimsuky for stealing intelligence data to aid the strategic objectives of the Democratic People’s Republic of Korea (DPRK). OFAC has also sanctioned eight North Korean agents for aiding in sanction evasion and supporting the country’s weapons of mass destruction (WMD) programs.

These measures are a direct response by the United States to the DPRK’s alleged launch of a military reconnaissance satellite on November 21, and are aimed at undermining the DPRK’s ability to generate revenue, acquire resources, and gather intelligence crucial for advancing its WMD program.

Kimsuky hacking group

The U.S. Treasury Department stated that Kimsuky, operating since 2012, reports to the Reconnaissance General Bureau, which the UN and the U.S. have designated as the primary external intelligence service of the DPRK. Kimsuky is also known in the cybersecurity industry as APT43, Emerald Sleet, Velvet Chollima, TA406, and Black Banshee.


Initially targeting South Korean government institutions, think tanks, and individuals deemed experts in various fields, the group gradually expanded its scope to include targets related to the U.S., Europe, and the UN.

Kimsuky primarily focuses on gathering intelligence data, centering on foreign policy and national security issues concerning the Korean Peninsula and nuclear policy.

It should be noted that U.S. federal agencies recently warned that Chinese and North Korean cybercriminal groups continue to pose a serious threat to the U.S. healthcare and public health sector, conducting espionage campaigns and stealing intellectual property. Among the primary threat actors, the agencies specifically named Kimsuky.

Furthermore, in August, Kimsuky carried out a cyberattack on computer systems used for joint military exercises between the U.S. and South Korea. The hackers attempted to access military infrastructure, resulting in the compromise of computers from Company A, which provides computer simulation services for the Freedom Shield military exercises.