Treasury Targets DPRK’s International Agents and Illicit Cyber Intrusion Group

Australia, Japan, the Republic of Korea, and the United States 

Sanction DPRK for its November 21 Satellite Launch

WASHINGTON — Today, in coordination with foreign partners, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned eight foreign-based Democratic People’s Republic of Korea’s (DPRK) agents that facilitate sanctions evasion, including revenue generation and missile-related technology procurement that support the DPRK’s weapons of mass destruction (WMD) programs. Additionally, OFAC sanctioned cyber espionage group Kimsuky for gathering intelligence to support the DPRK’s strategic objectives. 

Today’s actions are in response to the DPRK’s November 21 claimed military reconnaissance satellite launch and demonstrates the multilateral efforts of the United States and foreign partners to hinder the DPRK’s ability to generate revenue, procure materiel, and gather intelligence that advances the development of its WMD program and the unlawful export of arms and related materiel from the DPRK.

 “Today’s actions by the United States, Australia, Japan, and the Republic of Korea reflect our collective commitment to contesting Pyongyang’s illicit and destabilizing activities,” said Treasury’s Under Secretary for Terrorism and Financial Intelligence Brian E. Nelson. “The DPRK’s use of overseas laborers, money launderers, cyber espionage, and illicit funding continue to threaten international security and our allies in the region. We will remain focused on targeting these key nodes in the DPRK’s illicit revenue generation and weapons proliferation.”

DPRK ILLICIT ECONOMIC ACTIVITY

Today’s actions target the DPRK’s access to revenue and weapons, generated through state-owned entities, banks, and trading companies, specifically through their globally deployed trade and bank representatives. These individuals provide critical access to foreign technology vital to the DPRK’s domestic weapons program and enable DPRK revenue generation through access to the international financial system. A portion of the revenue from these activities has been funneled towards domestic WMD-related technology and missile systems.

OFAC is designating eight individuals that are associated with U.S.-designated DPRK state-owned weapons exporters, financial institutions, and front companies including Green Pine Associated Corporation (Green Pine), Foreign Trade Bank of the Democratic People’s Republic of Korea (FTB), KoryoCommercial Bank LTD. (KCB), Korea United Development Bank (KUDB), and Mansudae Overseas Project Group of Companies (MOP).

DPRK Weapons Sales Representatives 

U.S. and UN-designated Green Pine is responsible for approximately half of DPRK arms and related materiel exports. The Reconnaissance General Bureau (RGB)-controlled Green Pine specializes in the production of maritime military craft and armaments and has provided both technical assistance and weapons to Iranian defense-related firms. 

  • Kang Kyong Il and Ri Sung Il are Tehran, Iran-based Green Pine representatives. Kang Kyong Il has attempted to sell Chinese-origin aluminum and Ri Sung Il has worked with other DPRK representatives to sell conventional weapons to foreign governments. Both Kang Kyong Il and Ri Sung Il have travelled to China together on multiple occasions.
  •  Kang Phyong Guk is a Green Pine representative in Beijing, China and is a central liaison between Green Pine and its overseas representatives.

Ri Sung IlKang Kyong Il, and Kang Phyong Guk are being designated pursuant to E.O. 13551 for acting or purporting to act, for or on behalf of, directly or indirectly, Green Pine, an entity that was included in the Annex to E.O. 13551.

DPRK Financial Representatives

The DPRK continues to use agents and individuals associated with its state-owned entities and banks to access the international financial system to conduct illicit financial activity. They have long-standing networks of front or shell companies and use embassy personnel to move money and procure materiel for the DPRK’s WMD and ballistic missile programs as well as to procure conventional weapons. 

  • So Myong is the chief representative of FTB in Vladivostok, Russia and has facilitated financial transfers on behalf of designated DPRK financial institutions and weapons trading entities and including representatives, of the U.S.-designated Second Academy of Natural Sciences. So Myong is designated pursuant to E.O. 13382 for having acted or purported to act for or on behalf of, directly or indirectly, FTB.
  • Choe Un Hyok is a KUDB representative in Russia who has coordinated multiple payments to an entity subordinate to the U.S. and UN-designated, Munitions Industry Department. Choe Un Hyok is designated pursuant to E.O. 13722 for having acted or purported to act for or on behalf, of, directly or indirectly, KUDB.
  • Jang Myong Chol is a KCB representative in China that has facilitated transactions worth hundreds of thousands of dollarsJang Myong Chol is designated, pursuant to E.O. 13810 for having acted or purported to act for on or on behalf of, directly or indirectly, KCB.

DPRK Front Companies

Additionally, OFAC is designating two individuals that have generated revenue for the Government of North Korea and were previously designated by the European Union for generating revenue through the exportation of DPRK workers.

  • Choe Song Chol and Im Song Sun have represented front companies for UN and U.S.-designated MOP. MOP was designated pursuant to E.O. 13722 for having engaged in, facilitated, or been responsible for the exportation of workers from North Korea [OFAC Press Release

Choe Song Chol and Im Song Sun are being designated pursuant to E.O. 13810 for being North Korean persons, including a North Korean person who has engaged in commercial activity that generates revenue for the Government of North Korea or the Worker’s Party of Korea.

A CYBER ESPIONAGE UNIT WITH STRATEGIC SIGNIFICANCE

Active since 2012, Kimsuky is subordinate to the UN- and U.S. designated Reconnaissance General Bureau (RGB), the DPRK’s primary foreign intelligence service. On August 30, 2010, OFAC designated the RGB by adding it to the annex of E.O. 13551. OFAC subsequently re-designated the RGB on January 2, 2015 pursuant to E.O. 13687 for being a controlled entity of the Government of North Korea. Malicious cyber activity associated with the Kimsuky advanced persistent threat is also known in the cybersecurity industry as APT43, Emerald Sleet, Velvet Chollima, TA406, and Black Banshee.

Although Kimsuky is primarily an intelligence collection entity, its cyber espionage campaigns directly support the DPRK’s strategic and nuclear ambitions. Kimsuky primarily uses spear-phishing to target individuals employed by government, research centers, think tanks, academic institutions, and news media organizations, including entities in Europe, Japan, Russia, South Korea, and the United States. Kimsuky employs social engineering to collect intelligence on geopolitical events, foreign policy strategies, and diplomatic efforts affecting its interests by gaining illicit access to the private documents, research, and communications of their targets.

Kimsuky is being designated pursuant to E.O. 13687, for being an agency, instrumentality, or a controlled entity of the Government of North Korea.

SANCTIONS IMPLICATIONS

As a result of today’s action, pursuant to E.O.s 13687, 13382, 13551, 13722, and 13810, all property and interests in property of the persons named above that are in the United States, or in the possession or control of U.S. persons, are blocked and must be reported to OFAC. In addition, any entities that are owned, directly or indirectly, 50 percent or more by one or more blocked persons are also blocked. 

Unless authorized by a general or specific license issued by OFAC, or otherwise exempt, OFAC’s regulations generally prohibit all transactions by U.S. persons or within (or transiting) the United States that involve any property or interests in property of designated or otherwise blocked persons. The prohibitions include the making of any contribution or provision of funds, goods, or services by, to, or for the benefit of any blocked person or the receipt of any contribution or provision of funds, goods, or services from any such person.

In addition, persons that engage in certain transactions with the individuals or entities designated today may themselves be exposed to designation. Furthermore, any foreign financial institution that knowingly facilitates a significant transaction or provides significant financial services for any of the individuals or entities designated today could be subject to U.S. correspondent or payable-through account sanctions. 

The power and integrity of OFAC sanctions derive not only from its ability to designate and add persons to the SDN List, but also from its willingness to remove persons from the SDN List consistent with the law. The ultimate goal of sanctions is not to punish, but to bring about a positive change in behavior.  For information concerning the process for seeking removal from an OFAC list, including the SDN List, please refer to OFAC’s Frequently Asked Question 897.

For additional information on the DPRK Cyber Activities refer to the Guidance on the North Korean Cyber Threat.

For additional information on Kimsuky’s recent social engineering operations refer to the Joint Cyber Advisory DPRK Using Social Engineering to Enable Hacking, its tactics, techniques and procedures Joint Cybersecurity Advisory.

For additional information on DPRK illicit finance and procurement activities see the North Korea Ballistic Missile Procurement Advisory and the FinCEN Advisory on North Korea’s Use of the International Financial System.

For detailed information on the process to submit a request for removal from an OFAC sanctions list, please click here.

Find identifying information on the individuals sanctioned today here.

 

###

 

Leave a comment

Your email address will not be published. Required fields are marked *