Australia has taken decisive action by imposing financial sanctions and travel bans on four entities and one individual linked to North Korea's notorious cryptocurrency theft operations. Foreign Minister Penny Wong revealed that among those targeted is the infamous Lazarus Group, a hacking collective that’s been active for over fifteen years. This group gained notoriety for high-profile cyberattacks, including the 2014 breach of Sony Pictures and the devastating WannaCry ransomware attack in 2017. Australia’s sanctions also extend to Park Jin Hyok, a computer programmer allegedly tied to Lazarus. Hyok is suspected to be behind several major cyber incidents, including the Sony hack, WannaCry, and the Bangladesh Bank cyber robbery, and is believed to remain in North Korea. While the U.S. had already sanctioned Hyok in 2018, Australia has now also targeted the government front company he reportedly works for, Chosun Expo.
Another focal point of Australia’s sanctions is Andariel, a subgroup of Lazarus also known as Advanced Persistent Threat 45. This unit specializes in espionage targeting sectors like defense, aerospace, nuclear, and engineering worldwide. Similarly, Kimsuky, another espionage-focused entity, has been sanctioned for conducting intelligence operations against South Korean government bodies, think tanks, and foreign policy analysts. These moves signify Australia’s increasing efforts to clamp down on state-sponsored cyber espionage linked to North Korea.
On the other side of the Pacific, the U.S. Treasury’s Office of Foreign Assets Control (OFAC) has also intensified its crackdown on North Korean cyber actors. OFAC highlighted that North Korea heavily depends on illicit activities, particularly cybercrime, to fund its weapons of mass destruction and ballistic missile programs. This revenue generation involves hackers who deploy malware and social engineering tactics to steal cryptocurrency, as well as covert North Korean IT workers who infiltrate Western companies under false pretenses. This cybercriminal network is estimated to have amassed around US$3 billion, mostly in cryptocurrency, making it a critical target for law enforcement.
OFAC’s recent sanctions include two North Korean bankers, Jang Kuk Chol and Ho Jong Son, who are accused of managing millions of dollars related to ransomware operations via the First Credit Bank. In addition, the Korea Mangyongdae Computer Technology Company (KMCTC), which is believed to coordinate North Korean IT worker delegations from Chinese cities like Shenyang and Dandong, has also been sanctioned. The Ryojung Credit Bank faces designation for money laundering and facilitating financial transactions for North Korean IT workers. Moreover, five representatives of North Korean financial institutions, reportedly operating out of China or Russia, have been hit with sanctions.
Earlier this year, Australia, alongside ten Western allies, released a report by the Multilateral Sanctions Monitoring Team (MSMT). The report detailed North Korea’s blatant violations and evasions of United Nations Security Council resolutions through its cyber operations and deployment of IT workers abroad. These coordinated sanctions demonstrate a growing international effort to stifle North Korea’s cyber-enabled revenue streams and espionage campaigns, signaling increased global cooperation against these persistent threats.