SecurityWeek

US Sanctions North Korean University for Training Hackers

The US government has announced sanctions against four entities and one individual engaging in cyber activities on behalf of the North Korean government.

The US Department of the Treasury on Tuesday announced sanctions against four entities and one individual for engaging in malicious cyber activities on behalf of the North Korean government.

North Korean threat actors, such as the infamous Lazarus group, launch malicious campaigns targeting organizations and individuals worldwide to generate illicit revenue to support the Pyongyang regime and its priorities, the US says.

According to the Treasury’s Office of Foreign Assets Control (OFAC), North Korean threat actors are trained at the Pyongyang University of Automation, with many of them landing jobs within units of the Reconnaissance General Bureau (RGB), the country’s primary intelligence bureau.

RGB, which was designated by OFAC in 2015 as being subordinated to the North Korean government, also controls the Technical Reconnaissance Bureau and its cyber unit, the 110th Research Center.

In leading Pyongyang’s development of cyber tools and tactics, the Technical Reconnaissance Bureau operates multiple departments, some affiliated with Lazarus, which the US blamed for a $620 million crypto heist last year.

The 110th Research Center, the US says, is responsible for numerous cyberattacks, including the devastating DarkSeoul campaign, and for the theft of sensitive government information from South Korea, related to military defense and response planning.

“Pyongyang University of Automation, Technical Reconnaissance Bureau, and the 110th Research Center are being designated pursuant to E.O. 13687 for being agencies, instrumentalities, or controlled entities of the Government of North Korea or the Workers’ Party of Korea,” the US announced.

North Korea, the US says, also generates revenue through IT workers who fraudulently obtain employment at organizations worldwide, including in the technology and cryptocurrency sectors.

Mainly located in China and Russia, these workers hide their identities through fake personas and other means to apply for jobs at companies in wealthier countries. These individuals are subordinated to North Korean entities involved in the country’s weapons of mass destruction and ballistic missile programs.

Their work typically differs from North Korea’s malicious cyber activity, but they were seen in some cases supporting the country’s cyber program through privileged access to virtual currency firms.

According to the US, Chinyong Information Technology Cooperation Company (Chinyong), also known as Jinyong IT Cooperation Company, which is associated with the Ministry of Peoples’ Armed Forces, and North Korean national Kim Sang Man, are involved in such IT worker activities.

“Pursuant to E.O. 13687 and E.O. 13810, all property and interests in property of the persons named above that are in the United States, or in the possession or control of U.S. persons, are blocked and must be reported to OFAC. In addition, any entities that are owned, directly or indirectly, 50 percent or more by one or more blocked persons are also blocked,” the US says, warning that sanctions may be slapped on any organization or individuals associated with these entities.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
