South Korea’s Ministry of Foreign Affairs Sanctions North Korea Hacking Group Kimsuky, Identifies Related Crypto Addresses

June 03, 2023

On June 1, 2023, South Korea’s Ministry of Foreign Affairs (MOFA) sanctioned Kimsuky, a North Korean hacking group, and included two cryptocurrency addresses as identifiers for the organization. Active since at least 2012, Kimsuky is a North Korea-based cyber espionage organization that is known to have stolen technologies related to weapon and satellite development, and foreign policy information on behalf of the North Korean government. Kimsuky’s intelligence collection operations have targeted governments – most notably the South Korean government – political organizations, and academic organizations. According to Greg Lesnewich, Senior Threat Researcher at Proofpoint, “Kimsuky operations involving cryptocurrency are reflective of the North Korean cultural tenet of ‘juche,’ or self-reliance. The screenshot below shows a series of transactions for one of the Kimsuky addresses identified by MOFA.