Multiagency advisory warns of North Korean cyber-threat to international finance system

Financial Crimes Department of Treasury OFAC Sanctions Of Interest to Non-US Persons North Korea

On April 15, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC), in conjunction with the Departments of State and Homeland Security and the Federal Bureau of Investigation, issued an advisory warning that North Korea’s (DPRK) cyber activities—including cybertheft, money laundering, extortion, and cryptojacking—“pose a significant threat to the integrity and stability of the international finance system.” These activities, the agencies caution, highlight DPRK’s use of cyber-enabled means to generate revenue while mitigating the impact of OFAC-imposed sanctions. In addition to providing examples of cyber activities that target the international financial sector and DPRK state-sponsored cyber incidents, the advisory also outlines recommended measures that governments, industry, civil society, and individuals can take to counter DPRK cyber threats. These include (i) raising awareness; (ii) sharing technical information; (iii) implementing and promoting cybersecurity best practices; (iv) notifying law enforcement; and (v) strengthening anti-money laundering, countering the financing of terrorism, and counter-proliferation financing compliance. The agencies reiterate the consequences of engaging in prohibited and sanctionable conduct, and remind individuals and entities that OFAC has the authority to impose sanctions on any persons found to have engaged in conduct supporting DPRK cyber-related activity. The agencies also point out that foreign financial institutions that knowingly conduct or facilitate significate trade or transactions on behalf of a designated person for DPRK-related activity, may “lose the ability to maintain a correspondent or payable-through account in the [U.S.]”