On September 13, 2019, the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced sanctions targeting three North Korean state-sponsored malicious cyber groups responsible for North Korea’s malicious cyber activity on critical infrastructure. As part of the sanctions, OFAC alleges that the entities conducted successful operations targeting more than 16 organizations across 11 countries, including the SWIFT messaging system, financial institutions and cryptocurrency exchanges.

More broadly, OFAC noted that in addition to malicious cyber activities on conventional financial institutions, foreign governments, major companies and infrastructure, North Korea’s cyber operations also target virtual asset service providers and cryptocurrency exchanges to possibly fund North Korea’s WMD and ballistic missile programs. According to OFAC, these three state-sponsored hacking groups likely stole around $571 million in cryptocurrency alone, from five exchanges in Asia between January 2017 and September 2018.

As a result of OFAC’s action, all property and interests in property of the three entities, and of any entities that are owned, directly or indirectly, 50 percent or more by the designated entities, that are in the United States or in the possession or control of US persons are blocked and must be reported to OFAC. OFAC’s regulations generally prohibit all dealings by US persons or within (or transiting) the United States that involve any property or interests in property of blocked or designated persons.

In addition, persons that engage in certain transactions with the entities designated today may themselves be exposed to designation. Finally, any foreign financial institution that knowingly facilitates a significant transaction or provides significant financial services for any of the entities designated today could be subject to US correspondent account or other sanctions.