Cybercrime

US Treasury accuses Pyongyang of stealing $3bn in digital assets to finance its nuclear weapons programme over three years.

North Korea has denounced the latest United States sanctions targeting cybercrimes that the US says help finance its nuclear weapons programme, accusing Washington of harbouring “wicked” hostility towards Pyongyang and promising unspecified countermeasures.

The statement on Thursday by a North Korean vice foreign minister came two days after the US Department of the Treasury imposed sanctions on eight people and two firms, including North Korean bankers, for allegedly laundering money from cybercrime schemes.

The US Treasury accused North Korea of operating state-sponsored hacking schemes that have stolen more than $3bn in mostly digital assets over the past three years, an amount unmatched by any other foreign actor. The Treasury Department said the illicit funds helped finance the country’s nuclear weapons programme.

The department said North Korea relies on a network of banking representatives, financial institutions and shell companies in North Korea, China, Russia and elsewhere to launder funds obtained through IT worker fraud, cryptocurrency heists and sanctions evasion.

The sanctions were rolled out even as US President Donald Trump continues to express interest in reviving talks with North Korean leader Kim Jong Un. Their nuclear discussions during Trump’s first term collapsed in 2019 amid disagreements over trading relief from US-led sanctions on North Korea for steps to dismantle its nuclear programme.

“Now that the present US administration has clarified its stand to be hostile towards the DPRK to the last, we will also take proper measures to counter it with patience for any length of time,” the North Korean vice minister, Kim Un Chol, said in a statement.

He said US sanctions and pressure tactics will never change the “present strategic situation” between the countries or alter North Korea’s “thinking and viewpoint”.

Kim Jong Un has shunned any form of talks with Washington and Seoul since his fallout with Trump in 2019. He has since made Russia the focus of his foreign policy, sending thousands of soldiers, many of whom have died on the battlefield, and large amounts of military equipment for President Vladimir Putin’s war on Ukraine while pursuing an increasingly assertive strategy aimed at securing a larger role for North Korea in a united front against the US-led West.

In a recent speech, Kim Jong Un urged Washington to drop its demand for the North to surrender its nuclear weapons as a condition for resuming diplomacy. He ignored Trump’s proposal to meet while the US president was in South Korea last week for meetings with world leaders attending the Asia-Pacific Economic Cooperation summit.

Nov. 5 (UPI) — The U.S. Treasury Department announced sanctions against eight individuals and two entities accused of laundering proceeds from North Korean cybercrime and information technology worker fraud schemes that help fund Pyongyang’s weapons programs.

The department’s Office of Foreign Assets Control said Tuesday that North Korea has stolen more than $3 billion over the past three years, using sophisticated techniques such as advanced malware and social engineering to breach financial systems and cryptocurrency platforms.

“North Korean state-sponsored hackers steal and launder money to fund the regime’s nuclear weapons program,” Under Secretary for Terrorism and Financial Intelligence John K. Hurley said in a statement. “By generating revenue for Pyongyang’s weapons development, these actors directly threaten U.S. and global security.”

Hurley added that the Treasury is “identifying and disrupting the facilitators and enablers behind these schemes to cut off the DPRK’s illicit revenue streams.”

The Democratic People’s Republic of Korea is the official name of North Korea.

Among those sanctioned are Jang Kuk Chol and Ho Jong Son, North Korean bankers who allegedly helped manage illicit funds, including $5.3 million in cryptocurrency — some of it linked to ransomware that has previously targeted U.S. victims.

Korea Mangyongdae Computer Technology Co. and its president U Yong Su were also added to the list. The company allegedly operates IT-worker delegations from the Chinese cities of Shenyang and Dandong.

Ryujong Credit Bank, another target, was accused of laundering foreign-currency earnings and moving funds for sanctioned North Korean entities. Six additional individuals were designated for facilitating money transfers.

Under the sanctions, all property and interests in property of the designated individuals and entities within U.S. jurisdiction are blocked, and U.S. persons are generally barred from engaging in transactions with them. Financial institutions dealing with the sanctioned parties may also face enforcement actions.

The move builds on earlier U.S. actions this year against North Korean cyber networks. In July, the State Department sanctioned Song Kum Hyok, a member of the Andariel hacking group, for operating remote IT-worker schemes that funneled wages back to Pyongyang.

The Justice Department also filed criminal charges in 16 states against participants in a campaign that placed North Korean IT workers in U.S. companies.

Tuesday’s OFAC statement cited an October report by the 11-country Multilateral Sanctions Monitoring Team, which described North Korea’s cybercrime apparatus as “a full-spectrum, national program operating at a sophistication approaching the cyber programs of China and Russia.”

The report added that “nearly all the DPRK’s malicious cyber activity, cybercrime, laundering and IT work is carried out under the supervision, direction and for the benefit of entities sanctioned by the United Nations for their role in the DPRK’s unlawful WMD and ballistic missile programs.”

The sanctions follow President Donald Trump‘s recent visit to South Korea, where a much-anticipated meeting with North Korean leader Kim Jong Un failed to materialize.

South Korea’s National Intelligence Service told lawmakers Tuesday that a summit could take place after joint U.S.-South Korean military drills scheduled for March, according to opposition lawmaker Lee Seong-kweun of the People Power Party.

The judge ruled NSO caused ‘irreparable harm’ to Meta, but said an earlier award of $168m in damages was ‘excessive’.

A United States judge has granted an injunction barring Israeli spyware maker the NSO Group from targeting WhatsApp users, saying the firm’s software causes “direct harm” but slashed an earlier damages award of $168m to just $4m.

In a ruling on Friday granting WhatsApp owner Meta an injunction to stop NSO’s spyware from being used in the messaging service, district judge Phyllis Hamilton said the Israeli firm’s “conduct causes irreparable harm”, adding that there was “no dispute that the conduct is ongoing”.

Hamilton said NSO’s conduct “serves to defeat” one of the key purposes of the service offered by WhatsApp: privacy.

“Part of what companies such as WhatsApp are ‘selling’ is informational privacy, and any unauthorised access is an interference with that sale,” she said.

In her ruling, Hamilton said that evidence at trial showed that NSO reverse-engineered WhatsApp code to stealthily install its spyware Pegasus on users’ phones, and repeatedly redesigned it to escape detection and bypass security fixes.

NSO was founded in 2010 and is based in the Israeli seaside tech hub of Herzliya, near Tel Aviv.

Pegasus – a highly invasive software marketed as a tool for law enforcement to fight crime and terrorism – allows operators to remotely embed spyware in devices.

NSO says it only sells the spyware to vetted and legitimate government law enforcement and intelligence agencies. But Meta, which owns WhatsApp, filed a lawsuit in California federal court in late 2019, accusing NSO of exploiting its encrypted messaging service to target journalists, lawyers and human rights activists with its spyware.

Independent experts have also said NSO’s software has been used by nation states, some with poor human rights records, to target critics.

Judge Hamilton said her broad injunction was appropriate given NSO’s “multiple design-arounds” to infect WhatsApp users – including missed phone calls and “zero-click” attacks – as well as the “covert nature” of the firm’s work more generally.

Will Cathcart, the head of WhatsApp, said in a statement that the “ruling bans spyware maker NSO from ever targeting WhatsApp and our global users again”.

“We applaud this decision that comes after six years of litigation to hold NSO accountable for targeting members of civil society. It sets an important precedent that there are serious consequences to attacking an American company,” he said.

Meta had asked Hamilton to extend the injunction to its other products – including Facebook, Instagram and Threads – but the judge ruled there was no way for her to determine if similar harms were being done on the other platforms without more evidence.

Hamilton also ruled that an initial award of $168m against NSO for damages to Meta in May this year was excessive, determining that the court did not have “sufficient basis” to support the jury’s initial calculation.

“There have simply not yet been enough cases involving unlawful electronic surveillance in the smartphone era for the court to be able to conclude that defendants’ conduct was ‘particularly egregious’,” Hamilton wrote.

The judge ruled that the punitive damages ratio should therefore be “capped at 9/1”, reducing the initial sum by about $164m to just $4m.

South Korea has banned citizens from going to parts of Cambodia amid growing concerns over the country’s scam industry.

Dozens of South Korean nationals who had been detained in Cambodia for alleged involvement in cyberscam operations have been returned home and placed under arrest, according to South Korean authorities.

Officers arrested the individuals on board a chartered flight sent to collect them from Cambodia, a South Korean police official told the AFP news agency.

“A total of 64 nationals just arrived at the Incheon international airport on a chartered flight,” the official said on Saturday, adding that all of the individuals have been taken into custody as criminal suspects.

South Korea sent a team to Cambodia earlier this week to investigate dozens of its nationals who were kidnapped into the Southeast Asian nation’s online scam industry.

South Korean National Security Adviser Wi Sung-lac previously said the detained individuals included both “voluntary and involuntary participants” in scam operations.

On Friday, Cambodian Ministry of Interior spokesman Touch Sokhak said the repatriation agreement with South Korea was the “result of good cooperation in suppression of scams between the two countries”.

Online scam operations have proliferated in Cambodia since the COVID-19 pandemic, when the global shutdown saw many Chinese-owned casinos and hotels in the country pivot to illicit operations.

Operating from industrial-scale scam centres, tens of thousands of workers perpetrate online romance scams known as “pig-butchering”, often targeting people in the West in a vastly lucrative industry responsible for the theft of tens of billions of dollars each year.

Pig-butchering – a euphemism for fattening up a victim before they are slaughtered – often involves fraudulent cryptocurrency investment schemes that build trust over time before funds are stolen.

Parallel industries have blossomed in Laos, the Philippines and war-ravaged Myanmar, where accounts of imprisonment and abuse in scam centres are the most severe.

An estimated 200,000 people are working in dozens of large-scale scam operations across Cambodia, with many scam compounds owned by or linked to the country’s wealthy and politically connected. About 1,000 South Korean nationals are believed to be among that figure.

On Tuesday, the United States and United Kingdom announced sweeping sanctions against a Cambodia-based multinational crime network, identified as the Prince Group, for running a chain of “scam centres” across the region.

UK authorities seized 19 London properties worth more than 100 million pounds ($134m) linked to the Prince Group, which markets itself as a legitimate real estate, financial services and consumer businesses firm.

Prosecutors said that at one point, Prince Group’s chair, Chinese-Cambodian tycoon Chen Zhi, bragged that scam operations were pulling in $30m a day.

Chen – who has served as an adviser to Cambodian Prime Minister Hun Manet and his father, long-ruling former Prime Minister Hun Sen – is also wanted on charges of wire fraud and money laundering, according to the UK and US.

Still at large, he faces up to 40 years in prison if convicted.

The move by the UK and US against the Prince Group came as South Korea announced a ban on travel to parts of Cambodia on Wednesday amid growing concerns over its citizens entering the scam industry.

South Korean police have said they will also conduct a joint investigation into the recent death of a college student in Cambodia who was reportedly kidnapped and tortured by a crime ring.

The South Korean student was found dead in a pick-up truck on August 8 in Cambodia’s southern Kampot province, with an autopsy revealing he “died as a result of severe torture, with multiple bruises and injuries across his body”.