The South Korean government announced on Thursday that it has designated 15 North Korean IT operatives and one related institution as independent sanctions targets for their role in financing North Korea’s nuclear and missile development programs.
According to the South Korean Ministry of Foreign Affairs, the 15 sanctioned IT operatives include Park Heung Ryong, Yun Jeong Sik, Ri Il Jin, Kim Kyung Il, Kang Hyun Chul, Kim Chul Min, Ri Geum Hyung, Kim Ryu Sung, Hwang Chul, An Gwang Il, Han Il Nam, Seung Chul Beom, Ri Yeong Rim, Park Dong Hyun, and Shin Jeong Ho.
Except for Shin Jeong Ho, the others are affiliated with the 313 Bureau, a subordinate Workers’ Party organization in the Munitions Industry Department. They have been stationed overseas, engaging in IT-related foreign currency-earning activities. The 313 Bureau, also known as the Korea Computer Center, was previously identified in a United Nations Security Council expert panel report as a core institution for dispatching IT personnel abroad and earning foreign currency for North Korea.
The Munitions Industry Department oversees North Korea’s weapons production and research and development, including ballistic missile programs. It is already subject to UN Security Council sanctions.
Kim Chul Min reportedly remitted significant amounts of foreign currency to Pyongyang, which he earned by disguising his employment with companies in the United States and Canada. Kim Ryu Sung violated U.S. unilateral sanctions over several years and was indicted in a U.S. court on December 11.
The institution added to the sanctions list, the Korea Kumjung Economic Information Technology Exchange Corporation, is accused of dispatching IT personnel abroad to generate large sums of military funds for the North Korean regime.
Additionally, Shin Jeong Ho, the director of the Korea Kumjung Economic Information Technology Exchange Corporation’s office in Dandong, has been stationed overseas, earning foreign currency through IT-related activities.
North Korea’s illicit cyber activities are known to play a significant role in funding its nuclear and missile development programs. Some experts consider these activities the regime’s primary funding source due to comprehensive international sanctions.
North Korean IT personnel, often affiliated with state organizations such as the Munitions Industry Department, are reportedly dispatched to China, Russia, Southeast Asia, and Africa, where they disguise their identities to secure contracts. Some also participate in information theft and cyberattacks.
Global blockchain analysis firm Chainalysis, in its annual cryptocurrency crime report released on December 19, assessed North Korea stole approximately $1.3 billion worth of cryptocurrency this year, accounting for 61 percent of global cryptocurrency thefts and marking a record high.
The South Korean Ministry of Foreign Affairs stated, “North Korea continues to engage in illegal foreign currency-earning activities through cryptocurrency theft, IT contract work abroad, hacking, and other malicious cyber activities. These activities pose a serious threat to international peace and security.”
The South Korean government’s sanctions will take effect on December 30 after being published in the official gazette. Financial and foreign exchange transactions with sanctioned entities will require prior approval from the Financial Services Commission or the Governor of the Bank of Korea under the Foreign Exchange Transactions Act. Unauthorized transactions will be subject to penalties under the relevant laws.