The South Korean Ministry of Foreign Affairs has announced a new set of independent sanctions targeting North Korea’s cyber operations. The sanctions, effective from December 30, 2024, aim to curb Pyongyang’s illegal foreign currency-earning activities, which reportedly fund its nuclear weapons and missile programs.‍

North Korea’s Cyber Activities and Their Impact

According to a report by global blockchain analysis firm Chainalysis, North Korea accounted for an estimated $1.3 billion in stolen cryptocurrency in 2024, representing 61% of the total stolen worldwide—making it the largest annual theft recorded. These funds are reportedly used to cover approximately 40% of the costs for the country’s weapons of mass destruction (WMD) development, as cited in the 2024 UN North Korea Sanctions Committee Expert Panel Annual Report.

North Korea’s tactics include cyber theft, hacking, and covert IT work. North Korean IT personnel are allegedly dispatched to countries such as China, Russia, Southeast Asia, and Africa, where they work under fake identities for international companies. While performing legitimate tasks, some are also involved in cyberattacks and information theft, generating revenue funneled to Pyongyang.

The South Korean government has designated 15 individuals and one organization associated with North Korea’s IT operations as targets of these sanctions. Among them are members of the 313th General Bureau, a subordinate body of the Munitions Industry Department of the Workers’ Party of Korea. This department oversees North Korea’s weapons production and is already subject to UN Security Council sanctions.

Key figures include Kim Cheol-min, who worked undercover at U.S. and Canadian companies, sending significant foreign currency back to Pyongyang. Kim Ryu-seong was indicted in the United States on December 11, 2024, for violating U.S. sanctions over several years. The sanctioned organization, the Chosun Geumjeong Economic Information Technology Exchange Corporation, is accused of dispatching IT personnel overseas to earn foreign currency and channel funds to North Korea’s military programs.‍

Implementation and Enforcement

The sanctions will take effect at 00:00 on December 30, 2024, and financial transactions with the sanctioned individuals and entities will require prior approval from South Korea’s Financial Services Commission or the Bank of Korea. Unauthorized transactions may result in penalties under the Act on the Prohibition of Financing for the Purpose of Threatening the Public and for the Proliferation of Weapons of Mass Destruction and the Foreign Exchange Transactions Act.