Go to Contents Go to Navigation

(2nd LD) U.S. sanctions 2 Chinese nationals linked to N.K. cyber group

All News 07:04 March 03, 2020

(ATTN: UPDATES with indictment in paras 7-8)
By Lee Haye-ah

WASHINGTON, March 2 (Yonhap) -- The U.S. Treasury Department on Monday sanctioned two Chinese nationals linked to a North Korean state-sponsored cyber group.

The department said it is designating the two individuals -- Tian Yinyin and Li Jiadong -- for taking some US$91 million in funds that were stolen by Lazarus Group from a hack of a cryptocurrency exchange in April 2018.

Lazarus Group is already under U.S. Treasury sanctions for carrying out cyber attacks on behalf of the North Korean government to generate revenue for the regime's nuclear and missile programs.

This file photo shows the U.S. Department of the Treasury in Washington. (Yonhap)

"The North Korean regime has continued its widespread campaign of extensive cyber-attacks on financial institutions to steal funds," Treasury Secretary Steven Mnuchin said in a statement on the department's website. "The United States will continue to protect the global financial system by holding accountable those who help North Korea engage in cyber-crime."

The Treasury said Tian and Li also took $9.5 million from a hack of another exchange.

The sanctions measure requires the individuals' property and interests in the U.S. or in the possession of Americans to be blocked.

In a parallel step, the U.S. Attorney's Office for the District of Columbia said the two individuals were charged with laundering more than $100 million worth of cryptocurrency. They are being charged with money laundering conspiracy and operating an unlicensed money transmitting business.

A civil forfeiture complaint seeks to recover nearly $250 million worth of virtual currency stolen by North Korean co-conspirators in 2018, the office said in a press release, adding that a portion of the sum has already been seized.

Lazarus Group has been blamed for the 2014 cyber attack of Sony Pictures Entertainment and the 2017 WannaCry ransomware attack on countries including the U.S. and Britain.

Meanwhile, the Treasury delisted two Russian entities -- Independent Petroleum Company and its subsidiary AO NNK-Primornefteproduct -- previously sanctioned for shipping more than $1 million worth of petroleum products to the North.

IPC's parent company, Alliance Oil Company, has since stopped all exports to the regime and started a global compliance program, the Treasury said.

"U.S. sanctions need not be permanent; sanctions are intended to bring about a positive change of behavior," it said. "The United States has made clear that the removal of sanctions is available for persons designated under North Korea-related authorities, who take concrete and meaningful actions to stop enabling North Korea's sanctions circumvention."


Send Feedback
How can we improve?
Thanks for your feedback!