Thursday, February 15, 2024


N. Korea sold illegal gambling websites to S. Korean cybercrime ring

South Korean intelligence named the North Korean “Gyonghung Information Technology Exchange Company” as the group behind the websites

By Laura Geigenberger
- February 15, 2024


A North Korean organization under the Workers’ Party has reportedly created thousands of illegal online gambling websites in cooperation with an unidentified South Korean cybercrime ring, the ROK’s National Intelligence Service (NIS) told Yonhap news agency on Wednesday. The investigation appears to be ongoing.

In the process, the North Korean organization allegedly received KPW 6.5 million (USD 5,000) for each created gambling website and KPW 4 million (USD 3,000) per month to maintain them. In addition, the NIS suspects that the organization received another KPW 1.8 million to 6.5 million (USD 2,000 to 5,000) when the website achieved a high number of users. The transfers in foreign currency were made both via Chinese bank accounts and global online payment services such as PayPal. It is estimated that each member of the organization transferred around KPW 650,000 (USD 500) per month to North Korea.

The South Korean clients resold the gambling websites to third parties, the NIS revealed, allegedly earning several trillion won in the process. To facilitate the transactions between China and the ROK, the South Korean cybercrime ring also apparently provided domestic servers that enabled the North Korean IT specialists to hack into several foreign companies. In addition, the websites and servers were reportedly used to steal personal data, conversations, and identifying information of around 1,110 users by the criminal organizations either disguising their nationality or using phishing techniques such as malicious codes on their websites.

“This is the first time that concrete evidence has been disclosed to the public that North Korea is deeply involved in cyber gambling, which has recently become a serious social problem in South Korea,” the NIS stated. The agency now estimates that “thousands” more North Korean organizations are currently developing cyber gambling schemes and selling them abroad to generate foreign currency for the regime. It is assumed that most of them have settled in China illegally.

The group worked in China in direct violation of U.N. sanctions

In the recently uncovered cybercrime case, the NIS named the North Korean “Gyonghung Information Technology Exchange Company” as the group behind the websites. The 15-member group under the command of Kim Kwang-myeong, a former member of the DPRK’s Reconnaissance General Bureau, is based in the Chinese city of Dandong near the North Korean border. It is believed to be subordinate to the so-called “Room 39” of the Workers’ Party, a secret North Korean party organization designated to preserve the leadership’s foreign currency reserves.

According to the National Intelligence Service, the North Korean IT operatives were staying in the dormitory of a garment factory called “Golden Phoenix Clothing Co., Ltd.” in Dandong, which is owned and operated by a businessman in North Korea. “The North Korean IT organizations, which were established to raise dollars, are mixing with North Korean workers in the region to illegally earn foreign exchange,” the NIS alleges.

In doing so, the regime is in direct violation of the United Nations (U.N.) Security Council’s resolution 2397. Back in 2017, the Council prohibited the regime from stationing workers abroad and instructed all member states to expel North Korean citizens by the end of 2019.

Nevertheless, the BBC estimates that around 100,000 North Koreans were stationed abroad in 2023, mostly in factories and on construction sites in north-eastern China which are operated by the North Korean government. It is estimated they have earned Pyongyang USD 740 million between 2017 and 2023. The number of IT personnel working illegally abroad and/or as employees for international companies under false identities, however, is currently unknown.

The DPRK relies on hacking, virtual assets, and foreign currency to fund its weapons programs

Both the South Korean and U.S. governments as well as the United Nations have repeatedly voiced their suspicions that thousands of North Koreans around the world are working under false identities to earn foreign currency for the DPRK. “They are everywhere, from Asia to Africa, and sometimes even employed by U.S. companies,” said Jung H. Pak, deputy U.S. special representative for the DPRK at the U.S. State Department, at a Korean-American symposium in California on May 24, 2023.

Furthermore, North Korea-linked hacks have been on the rise over the past few years, with cyber-espionage groups such as Kimsuky and Lazarus Group utilizing various malicious tactics to acquire large amounts of crypto assets. The DPRK relies on financial fraud, money laundering, and cybercrime to fund its weapons of mass destruction and ballistic missile programs. In doing so, it is violating several resolutions of the United Nations Security Council. The White House and the U.N. have also repeatedly claimed that half of North Korea’s weapons development might be funded by cyberattacks and cryptocurrency theft.

According to the U.S. Treasury Department, North Korea has gained about 1.7 trillion KPW (USD 1.2 billion) in virtual assets worldwide since 2017 through cybercrime such as hacking, information theft, and digital extortion methods. Chainalysis, the blockchain data platform, further reported a new record of 20 North Korean hacking incidents last year. The total value of the stolen virtual assets amounted to approximately KPW 1.3 trillion (USD 1 billion) – a significant decrease, however, compared to the record sum of KPW 2.3 trillion (USD 1.7 billion) in 2022.

Edited by Robert Lauler.

No comments: