The 3rd U.S.-ROK Working Group Meeting on the DPRK Cyber Threat

The 3rd U.S.-Republic of Korea (ROK) Working Group Meeting on the Democratic People’s Republic of Korea (DPRK) Cyber Threat was held in Washington, D.C., on March 7, 2023.  U.S. and ROK government representatives exchanged information about the DPRK’s malicious cyber activities, including cryptocurrency heists and related money-laundering, and the fraudulent activities of DPRK information technology (IT) workers stationed abroad.  These foreign currency generating activities by the DPRK provide revenue for the regime’s unlawful weapons of mass destruction and ballistic missile programs.  UN Security Council resolutions prohibit Member States from allowing DPRK nationals to earn income in their jurisdictions.

The United States and ROK reaffirmed our commitment to significantly expand cooperation to confront a range of DPRK cyber threats. Both sides discussed ongoing efforts to disrupt DPRK’s actions, including efforts to mitigate the financial damages caused by the DPRK’s malicious cyber activities.  Specifically, the United States and ROK discussed the progress made in seizing and freezing virtual assets stolen by the DPRK.  During the meeting, both sides underscored the importance of working with private sector partners to raise awareness of the DPRK’s actions and cut off Pyongyang’s ability to exploit the global financial system

U.S. Deputy Special Representative for the DPRK Dr. Jung Pak and ROK Ministry of Foreign Affairs Director-General for North Korean Nuclear Affairs Lee Jun-il chaired the Working Group meeting.  The U.S. delegation included representatives from the Departments of State, the Treasury, Justice, and Defense, as well as the Federal Bureau of Investigation.  The Republic of Korea was represented by the Ministry of Foreign Affairs, National Cyber Security Center, and National Police Agency.

For more information on the DPRK’s malicious cyber activities, please see the DPRK Cyber Threat Advisory here .

For more information on the DPRK’s IT workers, read our statement to the press here.

For more information on the DPRK’s ransomware attacks to the healthcare sector, please see the cybersecurity advisory here  .