By Kuksung Nam, The Readable
Feb. 14, 2024 8:40PM GMT+9
A group of North Korean information technology professionals has reportedly sold thousands of illegal gambling websites to South Korean criminal organizations, funneling their profits back to the North Korean government. According to the South Korean intelligence agency, over a thousand North Korean IT professionals are suspected of generating illicit revenue from overseas, particularly in China, through the sale of such online gambling platforms.
The National Intelligence Service (NIS) on Wednesday revealed details about an illegal online gambling network run by a group of North Korean IT professionals based in Dandong, China. Identified as “Gyonghung Information Technology Co., Ltd,” this group reportedly charged clients $5,000 to create illegal gambling websites and received $3,000 monthly payments for site management. Additionally, they imposed fees ranging from $2,000 to $5,000 on a monthly basis in instances of heightened website traffic. The exact earnings of this group were not disclosed by the NIS.
The North Korean operatives camouflaged their identities as Chinese IT workers, either through the assistance of Chinese intermediaries or by fabricating false identities. This involved altering their photographs on Chinese identification cards, a process facilitated by resources found on online platforms like Google or LinkedIn. They then targeted potential clients via social media channels and job recruitment sites. Portraying themselves as highly skilled foreign IT experts, the group actively pursued clientele by promising substantial profits, leveraging credentials they had deceitfully acquired from stolen resumes.
The NIS stated, “North Korean IT workers propose services for establishing illicit online gambling sites at significantly reduced rates, at around 30 to 50 percent lower than those of their South Korean or Chinese counterparts. Their proficiency in the Korean language further appeals to South Korean criminal organizations. These advantages encourage these organizations to continue their operations with North Korean operatives, even after their true identities have been revealed.”
The intelligence agency reported that the illicit earnings were funneled back to Pyongyang, with each member of the IT group sending approximately $500 per month. This group, affiliated with Office 39, is comprised of 16 individuals, led by 45-year-old Kim Kwang-myong. Kim, originally part of the Reconnaissance General Bureau—North Korea’s primary intelligence agency responsible for managing the North’s clandestine operations—was later assigned to Office 39. Office 39 is a clandestine division of the North Korean government, responsible for generating and managing funds for the regime's leader, Kim Jong-un. Additionally, the NIS revealed the identities of two group members: 39-year-old Chong Ryu-song and 28-year-old Chon Kwon-uk.
Safely transferring their earnings back to North Korea represented a significant challenge for the group, given the stringent economic and financial sanctions imposed on the North Korean state. The NIS disclosed that the group managed to receive payments through bank accounts registered under Chinese identities or through accounts owned by South Korean criminal organizations, which were opened under borrowed names. Additionally, they utilized online payment systems like PayPal, and they would withdraw the funds from banks located in China.
Moreover, the intelligence agency uncovered that the group had attempted to sell approximately 1,100 records of personal information belonging to South Koreans, information which had been harvested from the illegal gambling websites. This sensitive data included usernames, contact details, and bank account numbers.
The intelligence agency, in partnership with the South Korean police, is in the midst of uncovering the identity of the South Korean cybercriminal organization. This group is alleged to have generated trillions of won in revenue from the illegal gambling sites established by North Korean IT professionals.
nam@thereadable.co
The cover image of this article was designed by Sangseon Kim. This article was copyedited by Arthur Gregory Willers.
Kuksung Nam is a journalist for The Readable. She has extensively traversed the globe to cover the latest stories on the cyber threat landscape and has been producing in-depth stories on security and privacy by engaging with industry giants, foreign government officials and experts. Before joining The Readable, Kuksung reported on politics for one of South Korea’s top-five local newspapers, The Kyeongin Ilbo. Her journalistic skills and reportage earned her the coveted Journalists Association of Korea award in 2021 for her essay detailing exclusive stories about the misconduct of a former government official. She holds a Bachelor’s degree in French from Hankuk University of Foreign Studies, a testament to her linguistic capabilities.