Washington Charges Chinese Nationals Connected to North Korea’s Lazarus Group

The United States government is taking a hard stance against cyberterrorism and going directly to one of the most popular criminal groups on the Internet. 

Earlier this week, the Office of Foreign Assets Control (OFAC), a part of the United States Treasury Department, announced that it would be placing heavy economic sanctions on two Chinese nationals who are suspected of having been connected to a cryptocurrency exchange hack back in 2018. 

Money Laundering and Assisted Exchange Hacks 

In a press release to that effect, the OFAC explained that the individuals – who were identified at Juiadong Li and Yinyin Tian – had engaged in an activity that linked them to the Lazarus Group, a hacker organization that’s been proven to be affiliated with the government of North Korea. Both men were accused of having conducted “a malicious cyber-enabled activity,” in which millions of dollars were stolen from investors. 

 “The North Korean regime has continued its widespread campaign of extensive cyber-attacks on financial institutions to steal funds. The United States will continue to protect the global financial system by holding accountable those who help North Korea engage in cyber-crime,” Treasury Secretary Steven Mnuchin explained in the statement. 

On the same day, the Department of Justice announced that it had indicted the men on money laundering charges. In its own press release, the DoJ alleged that men had assisted the Lazarus Group to steal up to $250 million from an unnamed crypto exchange in 2018 (most likely the infamous Coincheck hack). The group had also laundered as much as $100 million worth of cryptocurrencies between December 2017 and April 2019 on behalf of their North Korean compadres. 

Assistant Attorney General Brian A. Benczkowski of the Justice Department’s Criminal Division, added, “These defendants allegedly laundered over a hundred million dollars’ worth of stolen cryptocurrency to obscure transactions for the benefit of actors based in North Korea. Today’s actions underscore that the Department will pierce the veil of anonymity provided by cryptocurrencies to hold criminals accountable, no matter where they are located.”

The Lazarus Group is Pyongyang’s Cash Cow

The Lazarus Group has been extensively linked to the North Korean government in the past. Last year alone, both the United Nations and the Federal Bureau of Investigation pointed out that the group – which made its name after the 2018 Coincheck hack – had been an essential source of funding for Pyongyang. 

As both bodies explained, the Kim administration has been working to find ways to fund its extensive weapons program after crippling economic sanctions set by the international community left it financially hamstrung. Seeing no other means, it employed the Group to carry out a string of attacks, including on financial institutions and exchanges for foreign countries. 

As the U.N. estimated at the time, the North Korean government had been able to make up to $2 billion from the activities of the Lazarus Group as of August 2019. While the infamous government has come out to deny it, more links between it and the Group have surfaced over the past few months too.