Pierluigi Paganini December 01, 2023

The US Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced sanctions against North Korea-linked APT group Kimsuky.

The US Department of the Treasury’s Office of Foreign Assets Control (OFAC) this week announced sanctions against the North Korea-linked APT group Kimsuky.

Kimsuky cyberespionage group (aka ARCHIPELAGO, Black Banshee, Thallium, Velvet Chollima, APT43) was first spotted by Kaspersky researchers in 2013. The group works under the control of the Reconnaissance General Bureau (RGB) foreign intelligence service.

At the end of October 2020, the US-CERT published a report on Kimusky’s recent activities that provided information on their TTPs and infrastructure.

The APT group mainly targets think tanks and organizations in South Korea, other victims were in the United States, Europe, and Russia.

OFAC sanctioned the Kimsuky APT for conducting intelligence activities on behalf of the DPRK government. 

“Today, in coordination with foreign partners, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned eight foreign-based Democratic People’s Republic of Korea’s (DPRK) agents that facilitate sanctions evasion, including revenue generation and missile-related technology procurement that support the DPRK’s weapons of mass destruction (WMD) programs.” reads the press release published by OFAC. “Additionally, OFAC sanctioned cyber espionage group Kimsuky for gathering intelligence to support the DPRK’s strategic objectives.” 

The US authorities also sanctioned eight foreign North Korean agents that operated to facilitate sanction evasion and the weapons of mass destruction programs.

The US Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced sanctions against four entities and one individual for their role in malicious cyber operations conducted to support the government of North Korea.

“The DPRK conducts malicious cyber activities and deploys information technology (IT) workers who fraudulently obtain employment to generate revenue, including in virtual currency, to support the Kim regime and its priorities, such as its unlawful weapons of mass destruction and ballistic missile programs.” reads the announcement. 

The sanctioned entities conducted operations to steal funds to support the military strategy of the regime.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Kimsuky)