South Korea may sanction the North over illicit cyber activities, according to several government sources.
The Lazarus Group and Kimsuky, which intelligence officials and cybersecurity professionals say are major North Korean hacking groups, are on a list of groups being considered by the South Korean government as possible targets, the JoongAng Ilbo reported exclusively today.
“South Korea and the U.S. have already prepared cards to be used step by step according to North Korea’s predictable provocation scenario, and one of them is the South Korean government’s direct sanctions against Lazarus,” a source told the JoongAng Ilbo on Wednesday.
If levied, these would be the first sanctions independently placed by South Korea on the North’s illicit cyber activities.
It placed sanctions on the North with the United States and Japan last December, focusing on individuals and entities tied to the North’s weapons programs.
Japan at the time placed sanctions on the Lazarus Group, which has also been sanctioned by the United States since 2019.
The group is said by intelligence officials and cybersecurity experts to be the North Korean group that tried to launder $63 million of cryptocurrency that it stole last year.
Kimsuky is the Pyongyang-backed organization said to be behind a cyberattack on Korea Hydro and Nuclear Power, South Korea’s nuclear power operator, in 2014, and the hacking of some 7,000 files including patient records at the Seoul National University Hospital in 2021.
Sanctions on these hacking groups may target individuals working under forged identities at international IT companies and possibly engaged in business with Korea, or cryptocurrency companies with ties to the hacking groups.
The South Korean government has been expanding its investigations into the North’s illicit cyber activities in recent months. The National Intelligence Service opened investigations related to cyber security last November. The Foreign Ministry established a working group with the United States last August for analyzing and countering the cyber threats from the North.
The United States and the European Union have been expanding the sanctions list of North Korean entities or groups tied to its illegal cyber activities in recent years. The Department of Justice in February 2021 indicted three North Korean hackers known as Park Jin-hyok, Jon Chang-hyok and Kim Il.
All three were members of the Reconnaissance General Bureau, a military intelligence agency of North Korea, which engaged in criminal hacking, according to the Department of Justice.
“These North Korean military hacking units are known by multiple names in the cybersecurity community, including Lazarus Group and Advanced Persistent Threat 38 (APT38),” according to the department’s statement announcing the indictment on Feb. 17, 2021.
The sanctions by Seoul on Pyongyang’s hacking groups are expected to send a strong message to the North, said Moon Jong-hyeon, chief of East Security.
“If the government directly sanctions North Korean hacking groups such as Lazarus and Kimsuky, it will be a clear warning to the North that South Korea is looking into all of North Korea’s illegal cyber activities,” Moon told the JoongAng Ilbo. “However, in order to have practicality beyond symbolic measures, South Korea, the U.S. and Japan should track down and uncover North Korea’s major hackers who regularly pose cyber security threats to South Korea, and target the Reconnaissance General Bureau behind them.”
BY PARK HYUN-JU, ESTHER CHUNG [chung.juhee@joongang.co.kr]