North Korea APT Slapped With Cyber Sanctions After Satellite Launch

The US Department of the Treasury Office of Foreign Assets Control (OFAC) has announced it has sanctioned cyberespionage group Kimsuky (aka APT43) for collecting intelligence on behalf of the Democratic People's Republic of Korea (DPRK).

The OFAC said the sanctions are technically in retaliation for a North Korean military reconnaissance satellite launch on Nov. 21, but, more broadly, they are designed to block the DPRK from revenue, materials, and intelligence necessary to perpetuate its weapons of mass destruction development program the Treasury's sanctions announcement added.

Kimsuky is a well-known advanced persistent threat (APT) group active since 2013 that works on behalf of the Kim Jong Un regime.

The move to file the sanctions is an important step forward in stymying the DPRK's malicious cyber activities, according to a statement from Michael Barnhart, Mandiant principal analyst, Google Cloud.

"Recent actions, including the OFAC sanctions of today and increased global awareness of these cyber threats, are forcing North Korea to adapt its strategies," Barnhart explained via email. "While these measures have undoubtedly disrupted the regime's cyber activities, it is crucial to recognize that North Korea remains a formidable threat."

Can the DPRK Cybercrime Machine Be Stopped?

In October, Kimsuky waged a campaign abusing Remote Desk Protocols (RDP) and other tools to to take over targeted systems. The previous March, the group had already emerged as what researchers characterized "unusually aggressive" APT, becoming adept at achieving the dueling goals of using social engineering to gather intelligence, as well as operating a massive cryptomining operation to raise funds for the North Korean regime.

The wider strategy to shut down cyberattacks from the DPRK must include a combination of greater public awareness of their activities, robust cybersecurity measures, as well as additional targeted sanctions and other measures that help disrupt the regime's cyber threat, according to Barnhart.

"Despite the exposure of their operations, APT43 has demonstrated remarkable resilience, continuing to employ sophisticated social engineering tactics to target unsuspecting individuals and organizations," he added. "This highlights the need for heightened vigilance and a comprehensive approach to combating North Korea's cyber threats."

The US is joined in sanctioning the cyber-threat group with allied nations Australia, Japan, and the Republic of Korea, according to the OFAC announcement.

"As an intelligence gathering apparatus for the Reconnaissance General Bureau (RGB), APT43 operates with the full backing of the North Korean regime, tasked with gathering sensitive information on a wide range of topics, including nuclear technology, sanctions evasion, and unification efforts," Barnhart said. "APT43 and DPRK-aligned cyber threats pose a significant and evolving challenge to the global community."