{"id":2135,"date":"2023-12-01T19:55:45","date_gmt":"2023-12-01T19:55:45","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=78336"},"modified":"2023-12-01T19:55:45","modified_gmt":"2023-12-01T19:55:45","slug":"u-s-government-sanctions-prolific-north-korean-cyber-espionage-unit","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2023\/12\/01\/u-s-government-sanctions-prolific-north-korean-cyber-espionage-unit\/","title":{"rendered":"U.S. government sanctions prolific North Korean cyber espionage unit"},"content":{"rendered":"<p><head> <meta charset=\"UTF-8\"> <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\"> <meta name=\"robots\" content=\"index, follow, max-image-preview:large, max-snippet:-1, max-video-preview:-1\"> <!-- This site is optimized with the Yoast SEO Premium plugin v20.5 (Yoast SEO v20.5) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ --> <title>U.S. government sanctions prolific North Korean cyber espionage unit | CyberScoop<\/title> <meta name=\"description\" content=\"The veteran hacking crew has been at the heart of Pyongyang's efforts to gather intelligence by breaching computer systems.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/u-s-government-sanctions-prolific-north-korean-cyber-espionage-unit\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"U.S. 
government sanctions prolific North Korean cyber espionage unit\"> <meta property=\"og:description\" content=\"The veteran hacking crew has been at the heart of Pyongyang's efforts to gather intelligence by breaching computer systems.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/u-s-government-sanctions-prolific-north-korean-cyber-espionage-unit\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:published_time\" content=\"2023-12-01T19:55:45+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/12\/u-s-government-sanctions-prolific-north-korean-cyber-espionage-unit-2.jpg\"> <meta property=\"og:image:width\" content=\"1920\"> <meta property=\"og:image:height\" content=\"1260\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"AJ Vicens\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@AJVicens\"> <!-- \/ Yoast SEO Premium plugin. 
--> <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1699561119g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress-next\/dist\/css\/related-posts-block-styles.min.css?m=1700978938g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1698989400g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=7dab012cdc88b5676610\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/78336\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.4.1\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=78336\">\n<link rel=\"alternate\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fu-s-government-sanctions-prolific-north-korean-cyber-espionage-unit%2F\">\n<link rel=\"alternate\" type=\"text\/xml+oembed\" 
href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fu-s-government-sanctions-prolific-north-korean-cyber-espionage-unit%2F&amp;format=xml\"> <!-- Google Tag Manager --> <!-- End Google Tag Manager --> <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-78336 single-format-standard\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/u-s-government-sanctions-prolific-north-korean-cyber-espionage-unit\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span 
class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.105263157895\">\n<div class=\"single-article__header-content\" readability=\"30.309012875536\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/news\/threats\/cybercrime\/\"> <span>Cybercrime<\/span> <\/a> <\/li>\n<\/ul>\n<p> The veteran hacking crew has been at the heart of Pyongyang&#8217;s efforts to gather intelligence by breaching computer systems. <\/p>\n<\/p><\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"420\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2023\/12\/u-s-government-sanctions-prolific-north-korean-cyber-espionage-unit.jpg?resize=640%2C420&#038;ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/12\/u-s-government-sanctions-prolific-north-korean-cyber-espionage-unit-2.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/12\/u-s-government-sanctions-prolific-north-korean-cyber-espionage-unit-2.jpg?resize=300,197 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/12\/u-s-government-sanctions-prolific-north-korean-cyber-espionage-unit-2.jpg?resize=768,504 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/12\/u-s-government-sanctions-prolific-north-korean-cyber-espionage-unit-2.jpg?resize=1024,672 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/12\/u-s-government-sanctions-prolific-north-korean-cyber-espionage-unit-2.jpg?resize=1536,1008 1536w, 
https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/12\/u-s-government-sanctions-prolific-north-korean-cyber-espionage-unit-2.jpg?resize=600,394 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/12\/u-s-government-sanctions-prolific-north-korean-cyber-espionage-unit-2.jpg?resize=256,168 256w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/12\/u-s-government-sanctions-prolific-north-korean-cyber-espionage-unit-2.jpg?resize=514,337 514w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/12\/u-s-government-sanctions-prolific-north-korean-cyber-espionage-unit-2.jpg?resize=1029,675 1029w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/12\/u-s-government-sanctions-prolific-north-korean-cyber-espionage-unit-2.jpg?resize=1285,843 1285w\" sizes=\"(max-width: 1029px) 100vw, 1029px\"><figcaption> The North Korean flag flies over the North Korean embassy in Beijing, 18 July 2007. (Photo by PETER PARKS\/AFP via Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"42.261050133492\"><body readability=\"85.676470588235\"><\/p>\n<p>The U.S. government sanctioned one of North Korea\u2019s premier cyber espionage units Thursday, a group known to support Pyongyang\u2019s intelligence collection efforts and which also conducts operations to support its nuclear program, according to a <a href=\"https:\/\/home.treasury.gov\/news\/press-releases\/jy1938\">statement from the U.S. Treasury Department<\/a>. <\/p>\n<p>The group \u2014&nbsp;tracked variously as <a href=\"https:\/\/cyberscoop.com\/tag\/kimsuky\/\">Kimsuky<\/a>, APT43, Emerald Sleet, Velvet Chollima, TA406 and Black Banshee \u2014 has been operating <a href=\"https:\/\/www.cisa.gov\/news-events\/cybersecurity-advisories\/aa20-301a\">since at least 2012<\/a>, according to U.S. 
government estimates, and works under the umbrella of North Korea\u2019s Reconnaissance General Bureau (RGB), the country\u2019s primary intelligence service.<\/p>\n<p>The RGB was sanctioned by the U.S. government on <a href=\"https:\/\/www.federalregister.gov\/documents\/2010\/09\/01\/2010-22002\/blocking-property-of-certain-persons-with-respect-to-north-korea\">Aug. 30, 2010<\/a>, and again on Jan. 2, 2015.<\/p>\n<p>Kimsuky\u2019s operations in recent years have been widely exposed, analyzed and documented by various government and industry researchers. Nevertheless, \u201cAPT43 has demonstrated remarkable resilience, continuing to employ sophisticated social engineering tactics to target unsuspecting individuals and organizations,\u201d Michael Barnhart, principal analyst at Mandiant, told CyberScoop in an email. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>The group is \u201ca prime example of North Korea\u2019s persistent cyber threat,\u201d Barnhart said, noting that it \u201coperates with the full backing of the North Korean regime, tasked with gathering sensitive information on a wide range of topics, including nuclear technology, sanctions evasion, and unification efforts.\u201d<\/p>\n<p>Kimsuky typically employs spearphishing to target key people in government, research centers, think tanks, academic institutions and news media organizations, according to the Treasury announcement. 
<\/p>\n<p>Alongside its espionage mandate, the group is also believed to engage in financially motivated cybercrime as a means to fund itself, Mandiant reported in <a href=\"https:\/\/services.google.com\/fh\/files\/misc\/apt43-report-en.pdf\">a March 2023 analysis<\/a>.<\/p>\n<p>\u201cIt\u2019s fantastic to see further government action taken against DPRK threat actors,\u201d said Tom Hegel, principal threat researcher with SentinelLabs. \u201cI suspect these actions will play a major role in impacting their success rate and impose some cost on their methods of operating. A welcomed play against such a significant cyber threat.\u201d<\/p>\n<p>Hegel pointed to an August 2020 Kimsuky effort, which targeted nearly a dozen United Nations officials, as emblematic of the group\u2019s work. That operation was one in a string targeting various U.N. officials, <a href=\"https:\/\/www.zdnet.com\/article\/north-korea-has-tried-to-hack-11-officials-of-the-un-security-council\/\">ZDNet reported at the time<\/a>.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>In June, <a href=\"https:\/\/media.defense.gov\/2023\/Jun\/01\/2003234055\/-1\/-1\/0\/JOINT_CSA_DPRK_SOCIAL_ENGINEERING.PDF\">a joint advisory<\/a> from the NSA, FBI, State Department and their counterparts in South Korea warned of Kimsuky efforts to target think tanks, academia and media outlets in the U.S. 
and South Korea, including by posing as or spoofing real journalists and broadcast writers.<\/p>\n<p>SentinelLabs senior threat researcher <a href=\"https:\/\/www.sentinelone.com\/labs\/kimsuky-new-social-engineering-campaign-aims-to-steal-credentials-and-gather-strategic-intelligence\/\">Aleksandar Milenkoski analyzed part of the campaign<\/a> flagged by the international advisory, which relied on spoofed domains, documents and other activities related to <a href=\"https:\/\/www.nknews.org\/pro\/north-korean-hackers-target-nk-pro-readers-with-malicious-websites-emails-docs\/?share=503de5ac\">NK News<\/a>, a South Korea-based news and analysis organization focused on North Korean matters. <\/p>\n<p>Hegel, meanwhile, said that Kimsuky\u2019s operations \u201cagainst media outlets have always showed us their pace of operation and creativity.\u201d<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"1.1342975206612\">\n<div class=\"author-card\" readability=\"8\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2023\/12\/u-s-government-sanctions-prolific-north-korean-cyber-espionage-unit-1.jpg?w=640&#038;ssl=1\" alt=\"AJ Vicens\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by AJ Vicens<\/h4>\n<p> AJ covers nation-state threats and cybercrime. He was previously a reporter at Mother Jones. Get in touch via Signal\/WhatsApp: (810-206-9411). 
<\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p> <!-- .popular-stories__stories --> <\/div>\n<p><!-- .popular-stories__inner -->\n<\/div>\n<p><!-- .popular-stories --> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p> <!-- Start of 
HubSpot Embed Code --> <!-- End of HubSpot Embed Code --> <\/body> <a href=\"https:\/\/cyberscoop.com\/u-s-government-sanctions-prolific-north-korean-cyber-espionage-unit\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>U.S. government sanctions prolific North Korean cyber espionage unit |<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1269,282,302,1270,646,647,1271,509],"tags":[1272,286,306,1273,650,240,1274,511],"class_list":["post-2135","post","type-post","status-publish","format-standard","hentry","category-apt43","category-cybercrime","category-geopolitics","category-kimsuky","category-mandiant","category-north-korea","category-sanctions","category-treasury-department","tag-apt43","tag-cybercrime","tag-geopolitics","tag-kimsuky","tag-mandiant","tag-north-korea","tag-sanctions","tag-treasury-department"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/apt43\/\" rel=\"category tag\">APT43<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybercrime\/\" rel=\"category tag\">cybercrime<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/geopolitics\/\" rel=\"category tag\">Geopolitics<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/kimsuky\/\" rel=\"category tag\">Kimsuky<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/mandiant\/\" rel=\"category tag\">Mandiant<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/north-korea\/\" rel=\"category tag\">North 
Korea<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/sanctions\/\" rel=\"category tag\">sanctions<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/treasury-department\/\" rel=\"category tag\">Treasury Department<\/a>","tag_info":"Treasury Department","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/2135","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=2135"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/2135\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=2135"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=2135"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=2135"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}