North Korea Leverages Hong Kong Corporate Law, Conducts Cyberattacks, U.N. Panel Finds

North Korea has used Hong Kong-registered front companies to evade sanctions and move money, according to recent reports by a United Nations sanctions-monitoring panel and an international financial watchdog.

Hong Kong companies and bank accounts played roles in a case involving illicit North Korean coal and a spate of cyberattacks conducted by North Korean hackers, the U.N. report said. The two reports came ahead of North Korea’s second test of a multiple rocket launcher, hours after Pyongyang said it was willing to resume nuclear negotiations with the U.S. in late September.

North Korea’s government reportedly invited President Donald Trump to Pyongyang, but Trump on Monday told reporters that he wasn’t yet ready to visit the country.

The reports, issued Aug. 30 by the U.N. Panel of Experts and Sept. 4 by the Financial Action Task Force (FATF), highlight the difficulty of enforcing international sanctions on North Korea. “Ongoing deficiencies in the implementation by member states of financial sanctions, combined with the deceptive practices of the Democratic People’s Republic of Korea, enabled the country to continue to access the international financial system,” the U.N. panel’s report said.

The U.N. panel monitored compliance with international sanctions on North Korea, while the FATF evaluated Hong Kong’s efforts combating money laundering and terrorist financing. Hong Kong’s incorporation rules and gaps in enforcement have enabled the North Korean behavior, according to the FATF report. Only recently did Hong Kong begin requiring companies to collect and maintain beneficial ownership information, the FATF report said. After forming a company by filing the necessary paperwork, a newly registered firm can open a bank account. 

Companies registered in Hong Kong have become a prominent vehicle for illicit North Korean activity, Stephanie Kleine-Ahlbrandt, a former member of the U.N. Panel of Experts, said in a Sept. 5 interview with 38North, a North Korea-focused website. “Banks [in Hong Kong] have complained to me on numerous occasions about the liberal company law regime (inherited from the United Kingdom), which exposes them to a significant amount of risk,” she said. 

Hong Kong is in the process of implementing targeted financial sanctions regulations to combat terrorist financing and proliferation financing, but the legal regimes have only been in place since May 2018, according to the FATF report. Hong Kong should pursue the identification of proliferation financing-related funds, assets and economic resources, and review whether there are impediments to identifying such assets, the FATF report said.

It should closely monitor and manage its exposure to proliferation financing by North Korea as a strategic priority, the FATF said. “[Hong Kong] should conduct targeted outreach to smaller entities in all sectors, and focus in particular on those sectors that demonstrated more systemic gaps in understanding of their [sanctions] obligations, such as [money service operators] and [dealers in precious metals and stones],” the FATF said.

Though the FATF report didn’t identify specific case studies, the U.N. cited several examples of Hong Kong companies playing roles in North Korean sanctions evasion.



The U.N. panel investigated evasion techniques used in the transactions associated with the coal at one point aboard the Wise Honest, a tanker seized in May by the U.S. on allegations that the North Korean government used the vessel to violate international sanctions. The vessel was put up for auction by the U.S. Marshals Service; it’s unclear whether it was sold. 

North Korea is barred by the U.N. from exporting coal; it is nevertheless believed to have exported about 930,000 metric tons of coal through at least 127 deliveries during the first four months of 2019, according to the U.N. report, citing information from an unnamed U.N. state.

A prior U.N. panel report tracked the Wise Honest over its use of false flags, as well as the North Korean origins of the coal previously aboard the Wise Honest.

The coal, which was seized and later released by Indonesian authorities, was transferred to the Dong Thanh, a vessel owned and operated by a subsidiary of the Vietnamese state-owned shipping company, according to maritime records.

The Dong Thanh, having been rejected from Malaysian waters, sailed toward Vietnam, where authorities there interdicted the vessel in June and launched an investigation, according to the latest U.N. report.

The U.N. report identified the Dong Thanh’s operator as Hong Kong-based Qingdao Global Shipping Group Ltd., and said the company received a payment in 2018 from an account used to fund Wise Honest-related transactions. Qingdao supplied documents to the U.N. saying the payment was compensation for a non-delivery of coal from the Wise Honest to its vessel, the Ken Orchid, which was chartered to trans-ship the coal to Pohang, South Korea.

Trans-shipment costs for the coal were paid by a North Korean overseas bank representative of Jinmyong Joint Bank, who arranged a transfer of $760,000 through Huitong Minerals Co. Ltd., the U.N. panel found. Huitong Minerals is based in Hong Kong but registered in British Anguilla, according to the Panama Papers. Jinmyong Joint Bank was sanctioned in 2017 by the U.S. Treasury Department over its involvement in the North Korean financial sector. 

The U.N. said it saw similar evasion techniques in transactions associated with the sale of the coal aboard the Wise Honest. South Korea-based Enermax Korea Inc. was listed as the final recipient; the company told the U.N. that it had agreed to buy the coal from “a local broker in Indonesia,” but wasn’t able to substantiate it to investigators because the relevant emails were deleted, the report said. 

Enermax, which is based in Goyang-si, Gyeonggi-do, the province surrounding the capital Seoul, said it didn’t find anything suspicious about a “local Indonesian broker” issuing contracts, paperwork and financing for the coal procurement through a company specialized in selling machinery involved in cigarette manufacturing, according to the U.N. The company didn’t undertake due diligence before signing a contract requiring it to transfer $3 million, an unprecedented transaction for Enermax, to the bank account of Hong Kong Nova International Trade Company for the coal, the U.N. said.

South Korean lawmaker Yu Ki Jun filed a charge in June 2019 against Enermax at the Seoul Central District Prosecutor’s Office, accusing the company of illegally importing North Korean coal; Enermax is under investigation by South Korea’s coast guard and other authorities, according to reports by The Korea Economic Daily, a South Korean news organization.

Lee Min Su is Enermax’s chief executive, according to the South Korean Credit report of the company. He didn’t reply to the U.N. panel’s questions about how he learned about the deal, or how he contacted the local Indonesian broker involved, the report said. Enermax, according to the U.N., doesn’t have a website and hasn’t reported annual sales figures since 2014.



North Korea has “used cyberspace to launch increasingly sophisticated attacks” to steal funds from financial institutions and cryptocurrencies to generate income, the U.N. report said. 

North Korean cyber actors, including those operating under the direction of the Reconnaissance General Bureau (RGB), have raised up to $2 billion for the country’s weapons of mass destruction programs, according to an estimate cited in the U.N. report. The U.S. on Friday sanctioned three North Korean state-sponsored hacker groups controlled by the RGB, which has been designated by the U.S. and the U.N. as the North Korean intelligence bureau.

Hong Kong accounts received stolen funds in several cases of North Korean hacking investigated by the U.N., according to the panel’s report.

About $10 million was stolen in May 2018 from Banco de Chile through unauthorized transfers using SWIFT, mainly to Hong Kong, according to the U.N. In another case, North Korean hackers stole $13 million through an attack on an Indian bank through simultaneous withdrawals across 23 countries in five hours, as well as the transfer of 139 million rupees to a Hong Kong-based company’s account, through three unauthorized SWIFT transactions. A third case cited in the report involved an attempted theft of $14.5 million from a Maltese bank; before the transfers were reversed, they went to banks located in the U.S., U.K., Czechia and Hong Kong, the report said.

“The proportion of revenue generated from cyber attacks has grown in relation to income generated through other [North Korean] activities,” Kleine-Ahlbrandt said in the interview.


Log in to access the latest Kharon Briefs on global security threats and sanctions networks. Don’t have an account? Register now for free.