Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label U.S. Treasury. Show all posts

U.S. Treasury Sanctions Eight Foreign-Based Agents and North Korean Kimsuky Attackers

 

"The Office of Foreign Assets Control (OFAC) of the US Department of Treasury recently announced that it has sanctioned the cyberespionage group Kimsuky, also known as APT43, for gathering intelligence on behalf of the Democratic People's Republic of Korea (DPRK). 

Sanctions imposed by the United States are technically in response for a North Korean military reconnaissance satellite launch on Nov. 21, but they are also intended to deprive the DPRK of revenue, materials, and intelligence needed to sustain its weapons of mass destruction development programme, according to the Treasury's sanctions announcement. 

The Lazarus Group and its subsidiaries Andariel and BlueNoroff were subject to similar sanctions by the OFAC in September 2019—more than four years ago. Kimsuky is the target of these sanctions as it gathers intelligence to support the regime's strategic goals. 

Kimsuky is a well-known cyber espionage group that primarily targets governments, nuclear organisations, and foreign relations entities in order to gather intelligence that serves North Korea's interests. It is also known by the names APT43, ARCHIPELAGO, Black Banshee, Emerald Sleet (formerly known as Thallium), Nickel Kimball, and Velvet Chollima.

"The group combines moderately sophisticated technical capabilities with aggressive social engineering tactics, especially against South Korean and U.S.-based government organisations, academics, and think tanks focused on Korean peninsula geopolitical issues," Mandiant, which is owned by Google, stated in October 2023. 

Similar to the Lazarus Group, it is a part of the Reconnaissance General Bureau (RGB), which is in charge of intelligence gathering operations and is North Korea's main foreign intelligence service. At least since 2012, it has been known to be active. 

"Kimsuky employs social engineering to collect intelligence on geopolitical events, foreign policy strategies, and diplomatic efforts affecting its interests by gaining illicit access to the private documents, research, and communications of their targets," the Treasury stated.

The agency also named Choe Song Chol and Im Song Sun for managing front companies that made money by exporting skilled workers; Kang Kyong Il, Ri Sung Il, and Kang Phyong Guk for serving as weapons sales representatives; and So Myong, Choe Un Hyok, and Jang Myong Chol for participating in illegal financial transfers to acquire materials for North Korea's missile programmes.

US Department of Treasury Declares Sanctions Against Chatex Cryptocurrency

 

The US Treasury Department today declared sanctions against Chatex cryptocurrency exchange for assisting ransomware groups escape sanctions and helping them in carrying out ransomware transactions. The US department also sanctioned Suex crypto exchange (based in Russia) in September for assisting a minimum of 8 ransomware teams, with more than 40% of public transactions linked to threat actors. 

"Ransomware incidents have disrupted critical services and businesses globally, as well as schools, government offices, hospitals, and emergency services, transportation, energy, and food companies. Reported ransomware payments in the United States so far have reached $590 million in the first half of 2021, compared to a total of $416 million in 2020," said US Treasury. The investigation of public transactions hints that more than 50% of transactions are tracked down to malicious or illegal activities like darknet market, ransomware, and high-risk exchanges, says US Treasury Department. 

As of now, Chatex is designated as pursuant to Executive Order (E.O) 13694, amending for material support assistance to Suex and malicious harm posed by ransomware hackers. When the crypto exchanges are sanctioned for providing material support to ransomware groups, the United States is hoping to extract out fundings and shut down the campaign. According to the US Treasury of the department, unprincipled virtual currency exchanges like Chatex are critical to the profitability of ransomware activities, especially by laundering and cashing out the proceeds for criminals. 

The treasury is constantly using all available resources to restrict harmful threat actors, disrupt illegal criminal proceedings, and stop extra activities against US citizens. According to Bleeping Computers, "FinCEN's Financial Trend Analysis report was issued on the heels of governments worldwide saying they will crackdown on cryptocurrency payment channels used by ransomware gangs. One year ago, the Treasury Department's Office of Foreign Assets Control (OFAC) also warned that ransomware negotiators that they could face civil penalties for facilitating ransom payments if their deals involve ransomware gangs already on its sanctions list."

Here's a Quick Look at How Pakistani Counterfeiters Helped Russian Operatives

 

One company stood out in a cascade of U.S. sanctions imposed on Thursday on Russian cybersecurity companies and officials allegedly acting on behalf of the Kremlin intelligence in Karachi, Pakistan: ‘A fresh air farm house’. 

The Farm House, whose Facebook page reveals a waterpark-equipped vacation rental, is run by 34-year-old Mohsin Raza, considered one of two founders of an internet faux ID enterprise that prosecutors say helped Russian operatives get a toehold in the United States. 

According to a U.S. Treasury assertion and an indictment issued this week by federal prosecutors in New Jersey, Raza operated a digital faux ID mill, churning out photographs of doctored drivers’ licenses, bogus passports, and cast utility payments to assist rogue shoppers to go verification checks at U.S. fee firms and tech corporations. 

Reuters reached Raza in Pakistan at a telephone number offered by the US Treasury's sanctions record. He confirmed his identity and acknowledged being a digital counterfeiter, saying he used "simple Photoshop" to change ID cards, bills, and other documents to order. Raza – who stated he is additionally dabbled in graphic design, e-commerce and cryptocurrency – denied any wrongdoing, saying he was merely serving to individuals entry accounts that they’d been frozen out of.

Among his clients, the New Jersey indictment alleges was a worker of the Internet Research Agency – a notorious Russian troll farm implicated by U.S. investigators, media experiences, leaked paperwork, and former insiders in efforts to intrude in U.S. elections. The IRA worker used Raza’s companies in 2017 to obtain cast drivers’ licenses to assist the identification of pretend accounts on Facebook, based on the indictment. 

Facebook didn’t instantly provide any remark. Raza stated he did not observe who used his service. He stated inspiration for his enterprise got here a number of years in the past when a PayPal account which he had opened beneath an alias was locked, trapping a whole lot of {dollars} he’d obtained for optimizing on-line search outcomes. 

Money earned from the fake ID business was poured into the construction of the Fresh Air Farm House, Raza said. The facility, which features three bedrooms, a playing field, a water slide, and a BBQ area, is now on a US list of sanctioned entities alongside Russian oligarchs and defense contractors. Raza's business is an example of how transnational cybercrime can serve as a springboard for state-sponsored disinformation, said Tom Holt, who directs the School of Criminal Justice at Michigan State University. 

The alleged use by Russian operatives of a Pakistani fake ID merchant to circumvent American social media controls "highlights why this globalized cybercrime economy that touches so many areas can be a perfect place to hide - even for nation-states," he said.