The U.S. Treasury Department is ramping up its efforts to combat cybercrime, specifically targeting three North Koreans allegedly involved in supporting the notorious Lazarus Group, known for its high-profile cyberattacks and cryptocurrency-related thefts. On Monday, the U.S. Treasury’s Office of Foreign Assets Control announced sanctions against three individuals allegedly linked to North Korea’s infamous Lazarus Group.
The Treasury’s Targeted Sanctions
The U.S. Treasury’s Office of Foreign Assets Control revealed on Monday that it has imposed sanctions on three individuals believed to have connections with North Korea’s notorious Lazarus Group.
Wu Huihui, who resides in China, is accused of “facilitating the conversion of virtual currency stolen by [Democratic People’s Republic of Korea] actors working with the Lazarus Group to fiat currency.”
Cheng Hung Man, based in Hong Kong, is suspected of collaborating with Wu to use “front companies to enable DPRK actors to bypass countering illicit finance requirements at financial institutions and access the U.S. financial system.”
Sim Hyon Sop, located in Dandong, China, is employed by Korea Kwangson Banking Corp. (KKBC), which was sanctioned in 2009 for its connections to North Korea. According to the allegations, Sim “coordinated millions of dollars in financial transfers for the DPRK.”
Brian Nelson, the Undersecretary for Terrorism and Financial Intelligence at the Department, referred to North Korea in a statement and said,
“The DPRK continues to exploit virtual currency and extensive illicit facilitation networks to access the international financial system and generate revenue for the regime.”
Lazarus Group’s Connection With Crypto
The Lazarus Group, suspected to be backed by the North Korean government, has been involved in numerous cyberattacks over the years, targeting crypto space recently. OFAC has previously sanctioned two Chinese nationals, Tian Yinyin and Li Jiadong, for their alleged involvement in laundering crypto connected to a 2018 cryptocurrency exchange hack. While OFAC did not disclose the name of the exchange, it did mention that the Lazarus Group was suspected of being linked to the attack.
The Lazarus Group has been associated with numerous hacks over the years, including the high-profile 2022 Ronin Network attack, which is widely considered the largest crypto heist in history. The hackers managed to steal a staggering $625 million during the attack, and the FBI has since traced the crime back to the Lazarus Group.
In addition to these incidents, last year the group was suspected of targeting several Japanese crypto companies. OFAC data indicates that cyber actors with ties to North Korea managed to steal an estimated $1.7 billion worth of cryptocurrency in 2022 alone, demonstrating the group’s continued prominence and threat to the industry.
The Treasury Department suspects that the Lazarus Group has connections to the Reconnaissance General Bureau, which is North Korea’s intelligence agency, and is involved in the trade of arms for the Democratic People’s Republic of Korea (DPRK). It seems that the bureau uses the cryptocurrency obtained through illicit means to finance nuclear and ballistic military programs in North Korea.