Australia Cracks Down: Sanctions Lazarus Group & North Korean Hackers Behind $1.9B Crypto Theft as ASIC Expands Oversight
A Landmark Crackdown on North Korean Cybercrime
Australia has taken decisive action against North Korea’s state-sponsored cybercrime network, imposing severe sanctions on four notorious hacking units — including the infamous Lazarus Group — responsible for an unprecedented A$1.9 billion crypto theft in 2024.
This coordinated move, announced by Foreign Minister Penny Wong, marks a historic step in disrupting Pyongyang’s global weapons financing pipeline, which has long relied on illicit cryptocurrency activities, espionage, and cyber intrusions.
The Cyber Units Under Sanction
The Australian government formally designated the following North Korean entities under its autonomous sanctions framework:
- Lazarus Group — known for large-scale crypto exchange hacks and ransomware campaigns.
- Kimsuky — specializing in intelligence collection and spear-phishing operations.
- Andariel — a cybercrime syndicate linked to military-grade malware attacks.
- Chosun Expo — the front company coordinating global cyber operations.
Individual hacker Park Jin-hyok, associated with Chosun Expo, has also been personally sanctioned. Park is already blacklisted by both the United States and South Korea for his role in multiple transnational cybercrimes.
Escalating Financial Impact: Over $3 Billion in Crypto Stolen in 2024
A recent UN Multilateral Sanctions Monitoring Team report revealed that the value of crypto assets stolen by North Korean operatives in 2024 surged by nearly 50% compared to 2023, reaching a staggering A$1.9 billion.
According to independent analysis, North Korean hackers have siphoned nearly AU$4.5 billion (US$3 billion) from global exchanges this year alone, with a major breach of Bybit in February attributed directly to DPRK-linked attackers.
These attacks are part of a sustained campaign to circumvent international sanctions and finance the country’s nuclear weapons and ballistic missile programs.
Coordinated International Response and Policy Implications
Foreign Minister Wong emphasized that Australia’s sanctions are aligned with international enforcement measures taken by allied nations, including the United States, Japan, and South Korea.
“This sends a clear message that Australia will not tolerate the exploitation of our financial systems by hostile cyber actors. We are committed to cutting off the revenue streams that fund North Korea’s illegal weapons activities,” said Penny Wong.
The sanctions impose strict financial prohibitions, freezing assets and banning Australian entities from providing funds or services to any listed individuals or groups.
Failure to comply could result in law enforcement action under Australia’s Autonomous Sanctions Act 2011.
ASIC Expands Oversight of the Digital Asset Sector
In tandem with the sanctions, the Australian Securities and Investments Commission (ASIC) has reinforced regulatory control over the fast-evolving crypto market.
Updated guidance in Information Sheet 225 has redefined the scope of “crypto-assets” to “digital assets”, encompassing:
- Staking and yield-bearing tokens
- Decentralized Finance (DeFi) protocols
- Asset-referenced stablecoins
- Tokenized financial products
This expansion includes 18 practical examples to assist businesses and investors in understanding compliance expectations under Australia’s Corporations Act.
AUSTRAC to Tighten Oversight of Crypto ATMs
Parallel to ASIC’s regulatory update, new legislation has been introduced in Parliament to tighten controls on crypto cash-out infrastructure, especially cryptocurrency ATMs.
The proposed Crypto ATM Regulation Bill would require:
- Mandatory AUSTRAC registration for all operators
- Full KYC (Know Your Customer) verification for users
- Real-time transaction monitoring and reporting mechanisms
- Installation of anti-money laundering (AML) compliance systems
These measures aim to curb illicit cash-out activity, ensure traceability, and deter North Korean entities from laundering digital proceeds through Australian financial channels.
National Security and Cyber Awareness
Australia’s government has called on citizens and businesses to remain vigilant about cyber threats and exercise caution when engaging with unknown entities or wallets linked to sanctioned groups.
“Payments or dealings with sanctioned entities could expose individuals and businesses to serious criminal penalties,” warned the Department of Foreign Affairs and Trade (DFAT).
Cybersecurity experts stress the importance of multi-layered digital defense strategies, emphasizing the urgent need for cyber hygiene awareness, especially within the fintech and crypto sectors.
The Broader Geopolitical Context
The sanctions against North Korea’s cyber units underscore Australia’s growing role in global cybersecurity governance.
As Pyongyang intensifies its cyber-enabled financial crimes, nations across the Indo-Pacific region are deepening intelligence cooperation and developing unified countermeasures.
The Five Eyes alliance — comprising Australia, the U.S., the U.K., Canada, and New Zealand — continues to coordinate threat intelligence sharing and response strategies against DPRK-backed cyber operations.
Looking Ahead: Toward a Safer Digital Future
Australia’s firm stance against state-sponsored cybercrime sends a strong message to malicious actors worldwide.
With regulatory frameworks tightening under ASIC and AUSTRAC, and sanctions now directly targeting the financial networks of rogue nations, the country is asserting itself as a leader in digital asset integrity and cybersecurity policy.
By aligning enforcement with global allies, Australia reinforces its commitment to ensuring that digital innovation and financial freedom do not come at the cost of national security.
FAQ
- Why did Australia sanction North Korean hacker groups?
To disrupt North Korea’s weapons funding channels and punish state-backed cybercriminals responsible for billions in crypto thefts. - Who are the Lazarus Group and Kimsuky?
They are elite North Korean hacking units linked to espionage, ransomware, and cryptocurrency theft, operating under the Reconnaissance General Bureau. - How much cryptocurrency did North Korea steal in 2024?
An estimated AU$1.9 billion, representing a 50% increase over 2023, according to government and UN reports. - What new crypto regulations did ASIC and AUSTRAC introduce?
ASIC expanded the definition of digital assets, while AUSTRAC proposed mandatory registration and monitoring of crypto ATMs.
Individuals or businesses transacting with listed hackers or organizations risk prosecution and heavy fines under Australian sanctions law.
Cryptologic may earn a commission if you make a purchase through some of the links on this site, at no extra cost to you. This helps support our work. Thank you for your support!
