"4 trillion won" cryptocurrency stolen by North Korea…money laundering in China and Cambodia

MSMT led by South Korea, the U.S., and Japan, report monitoring North Korea sanctions implementation

Deceived overseas virtual asset operators to steal cryptocurrency

Total of 4 trillion won since January last year

Cashed out through overseas brokers in China, Cambodia, etc.

It was confirmed on the 22nd that North Korea stole cryptocurrencies worth several hundred billion won annually from virtual asset exchanges in various countries and cashed them out in China and Cambodia. The amount of virtual assets stolen from January last year to September this year is estimated to be about 4 trillion won (2.84 billion dollars).

North Korea used cryptocurrencies as a payment method to trade items banned by United Nations Security Council resolutions, including weapons, military supplies, and raw materials such as gold and copper.

MSMT "North Korea cooperated with Russian ransomware groups"

The Ministry of Foreign Affairs announced that the 'Multinational Sanctions Monitoring Team' (MSMT) published a report containing these findings. MSMT is a consultative body launched in October last year to monitor North Korea's compliance with sanctions, replacing the expert panel of the UN Security Council's North Korea Sanctions Committee whose activities were suspended due to Russia's veto. Eleven countries, including South Korea, the U.S., Japan, the UK, France, and Germany, participate.

North Korean cyber groups are believed to have posed as investors and businesspeople to contact overseas virtual asset exchanges to steal virtual assets. North Korea reportedly used techniques that induced exchange operators to download malicious software (SW). MSMT said, "North Korea also cooperated with Russian ransomware groups and others in conducting malicious cyber activities."

After stealing virtual assets, North Korea conducted money laundering to avoid tracking. It then converted the funds to cash through overseas brokers. MSMT's analysis indicates that China was significantly involved in assisting North Korea during this process. A third country's transfer of funds while a UN-designated North Korean cyber organization is laundering and cashing out funds violates UN Security Council resolutions.

Cambodia's large financial platform Huione Group is also reported to have assisted North Korea's money laundering and cashing out, and the U.S. State Department recently designated Huione Group as a "primary money laundering concern" financial institution.

"At least 2,000 North Korean IT workers stay in eight countries"

MSMT analyzed that North Korea is deliberately strengthening the capabilities of its cyber activity organizations to generate revenue for the regime. MSMT said, "Most North Korean cyber organizations are subordinate organizations of UN-sanctioned entities such as the Reconnaissance General Bureau, the Ministry of Atomic Industry, and the Ministry of Military Industry."

North Korean IT (information and technology) workers are generating income while residing in at least eight countries, including China and Russia, numbering between 1,000 and 2,000 people, which also violates UN Security Council resolutions.

MSMT also expressed concern that "North Korea is stealing military, scientific, and energy-related information and technologies through cyber attacks targeting South Korea, the U.S., China, and the UK." MSMT noted that groups known as Kimsuky, Andariel, and APT37, among North Korean hackers, have stolen information on construction, defense contractors, and officials involved in inter-Korean affairs in South Korea.

Reporter Seong-su Bae baebae@hankyung.com