Australia Sanctions North Korean Hacker Groups Over $1.9B Global Crypto Theft

Highlights:

• Australia has sanctioned key North Korean hacker groups for stealing crypto to fund illegal weapons projects.
• Lazarus and other cyber units are facing travel bans as global partners unite to block North Korea’s crypto theft.
• Hackers linked to Pyongyang used fake IT jobs to steal billions in digital assets from firms around the world.

Australia has imposed sweeping sanctions on several North Korean hacker groups accused of stealing billions in cryptocurrency to fund Pyongyang’s weapons programs. The sanctions target key cybercrime units linked to North Korea’s Reconnaissance General Bureau, including the notorious Lazarus Group. Foreign Minister Penny Wong announced on Thursday, calling the move part of efforts to limit North Korea’s access to illegal funding sources.

Australia sanctions North Korean hacker groups Lazarus, Kimsuky, Andariel, and Chosun Expo, plus Park Jin-hyok, for stealing $1.23B in crypto in 2024 and laundering funds. Targets financing of WMD programs, per Foreign Minister Wong. #NorthKorea #CryptoHeist pic.twitter.com/QbV1HuWtX6

— Vincent Bu Lu (@VincentBuLu1) November 6, 2025

According to Australia’s Foreign Ministry, North Korean hackers stole at least A$1.9 billion in cryptocurrency from global companies last year. The report said the stolen assets increased by 50% from the year before, showing a growing dependence on cybercrime for state revenue. The Ministry said hackers used global networks of North Korean nationals to launder stolen digital assets and finance weapons of mass destruction programs.

Minister Wong said the government will continue working with partners to apply pressure on Pyongyang. She added that stopping the regime’s illegal money flow remains a national security priority. North Korea had earlier warned that similar sanctions from the United States could “antagonise” its leadership. However, Australia said its decision supports global efforts to block cyber-enabled theft.

Crackdown Targets North Korean Hackers Behind Global Crypto Heists

The sanctions target four major hacking groups operating under North Korea’s intelligence agency. These include Lazarus Group, Kimsuky, Andariel, and Chosun Expo. Authorities also sanctioned programmer Park Jin Hyok, who is accused of involvement in multiple cyberattacks. Park has been previously linked to the Sony Pictures hack, the WannaCry ransomware attack, and the Bangladesh Bank theft.

Lazarus Group is considered North Korea’s most advanced cybercrime unit. It has targeted financial institutions, crypto exchanges, and technology firms across the world for more than a decade. The Australian government said these groups have stolen large amounts of cryptocurrency to fund Pyongyang’s missile and nuclear programs. Officials believe the attacks rely on a global network of North Korean IT workers posing as freelancers for Western companies.

Andariel is a defense and engineering company, and Kimsuky is an espionage company. Both organizations gather sensitive information and intelligence on behalf of the regime. The hackers are assisted by Chooson Expo, a state-owned front company that also offers infrastructural support and access to international networks.

Minister Wong said sanctioning these entities would disrupt their ability to conduct cyber operations. She stressed that cutting financial support remains essential to weakening North Korea’s illicit funding sources.

Australia Sanctions Key Units Behind Major Crypto Heists

Under the new measures, Australia imposed financial and travel bans on the four entities and one individual. The restrictions prevent any Australian citizens or companies from engaging with the sanctioned groups. Authorities said the action aligns with international efforts to counter North Korea’s digital crimes and money laundering schemes.

The Multilateral Sanctions Monitoring Team, composed of Australia and ten Western allies, recently published a report on North Korea’s increasing cyber activity. The report noted that from January to September, the country’s hackers stole at least $1.6 billion in digital assets. This amount already exceeds the total for last year. Minister Wong said Australia will continue collaborating with allies to strengthen enforcement against cyber threats.

North Korean hackers have stolen $2.83 billion in cryptocurrency from January 2024 to September 2025, with significant involvement from Chinese, Russian, and Cambodian intermediaries, according to the Multilateral Sanctions Monitoring Team (MSMT). pic.twitter.com/TBtIS84U9l

— The Inquiry (@InquiryTh) October 26, 2025

The United States has also imposed similar sanctions through the Office of Foreign Assets Control (OFAC). OFAC named North Korean financial institutions and IT companies that manage stolen funds and employ undercover workers in China and Russia. Both countries face growing scrutiny over the movement of illicit digital assets.