The U.S. Department of Treasury has sanctioned four North Korean organizations, as well as one individual, for engaging in malicious cyber activities.

Officials announced the move on Tuesday. Additionally, the Treasury Department detailed that South Korea has also sanctioned the organizations and individual in question.

The first organization to which the new sections apply is the Pyongyang University of Automation. It’s described as one of North Korea’s main hacker training institutions. It trains hackers who in many cases go on to work for cyber units of the RGB, North Korea’s primary intelligence bureau.

The Treasury Department has also sanctioned an RGB-controlled organization called the Technical Reconnaissance Bureau. According to Treasury officials, the organization is responsible for developing hacking tactics and tools. It also operates several departments affiliated with Lazarus Group, a hacking group that last year stole about $620 million worth of cryptocurrency in a major cyberattack.

The Treasury Department is separately applying sanctions to a unit of the Technical Reconnaissance Bureau called the 110th Research Center. The unit has carried out cyberattacks against organizations around the world, including in the U.S. and South Korea. A decade ago, it launched a cyberattack that destroyed thousands of financial sector systems in South Korea and caused outages at the country’s three leading media organizations.

The fourth organization the Treasury Department slapped with sanctions on Tuesday is known as Chinyong. It employs thousands of information technology workers worldwide, mainly in China and Russia, who obtain revenue that supports North Korea’s weapons programs. The Treasury Department also sanctioned a Chinyong representative by the name of Kim Sang Man who is based in Russia.

According to the Treasury Department, Chinyong IT workers use falsified and forged documents to obtain tech jobs at companies around the world. Some workers can earn more than $300,000 per year. They use cryptocurrency exchanges and trading platforms to launder the funds back to North Korea.

The Chinyong workers usually “engage in IT work distinct from malicious cyber activity,” the Treasury Department detailed. However, officials have identified cases where workers employed at cryptocurrency companies used their access to those companies’ internal systems for malicious purposes.

“Today’s action continues to highlight the DPRK’s extensive illicit cyber and IT worker operations, which finance the regime’s unlawful weapons of mass destruction and ballistic missile programs,” said Brian Nelson, the Under Secretary of the Treasury for Terrorism and Financial Intelligence. “The United States and our partners remain committed to combatting the DPRK’s illicit revenue generation activities and continued efforts to steal money from financial institutions, virtual currency exchanges, companies, and private individuals around the world.”

Photo: Michael Pick/Flickr