The US Treasury imposed sanctions on three state-sponsored North Korean hacking groups that have been found to engage in a variety of cyber attacks targeting criticial infrastructure.
The groups are Lazarus, Bluenoroff, and Andariel, all of them notorious for a variety of financially-motivated operations ranging from cyber-espionage to data theft, so as to fund the country’s illicit weapon and missile programs.
Calling for a freeze of any financial asset associated with the three groups, the action also covers “any foreign financial institution that knowingly facilitates a significant transaction or provides significant financial services for any of the entities.”
All the three groups are said to be controlled by North Korea‘s primary intelligence agency Reconnaissance General Bureau (RGB), with Lazarus attributed to a number of high-profile attacks over the years.
Created in 2007, the Lazarus group has gone after a number of targets including militaries, governments, financial institutions, media companies and utility sectors to perpetrate monetary heists and destructive malware attacks, making it the most-profitable cryptocurrency-hacker syndicate in the world.
Some of Lazarus’ most infamous operations were the 2014 hack of Sony Pictures and the WannaCry ransomware infection in 2017, as well as a series of cyberattacks using the SWIFT banking network in 2015-16. WannaCry, in particular, was devastating, as it spread to over 150 countries and locked out an estimated 300,000 computers.
Bluenoroff and Andariel, both sub-groups of Lazarus, have been traced to malicious cyber actvities with an aim to illicitly earn revenue and siphon off sensitive information.
“Bluenoroff conducts malicious cyber activity in the form of cyber-enabled heists against foreign financial institutions on behalf of the North Korean regime to generate revenue, in part, for its growing nuclear weapons and ballistic missile programs,” the Treasury said.
The group — noticed as early as 2014 and coined by Kaspersky after one of the tools they used — has attacked a number of financial institutions across India, Mexico, Pakistan, Philippines, South Korea, Taiwan, Turkey, Chile, and Vietnam.
Their biggest operation to date remains the attempt to steal $851M USD from Bangladesh Central Bank in 2016. While the attempt was largely foiled, the group made away with $81 million dollars, of which $18 million has been recovered.
Andariel, the other Lazarus sub-group operating since 2015, is known to focus its operations on foreign businesses, government agencies, financial services infrastructure, private corporations, and entities in the defense industry.
It’s also known for conducting cyber-espionage activities against South Korea, in addition to developing malware to hack into online poker and gambling sites to steal cash.
The development comes as a United Nations report last month estimated North Korea to have generated an estimated $2 billion for its weapons programs through “widespread and increasingly sophisticated cyberattacks” targeting banks and cryptocurrency exchanges.
A threat report by cybersecurity firm Group-IB revealed state-sponsored Lazarus outfit to be responsible for stealing $571 million worth cryptocurrency between January and September of last year.
But news of agencies simply yielding to extortion demands has also fueled ethical concerns, what with insurance companies covering the costs of the ransom, leading to an increase in frequency and scale of ransomware attacks in the US and elsewhere.
Viewed in that light, the sanctions are only a start of what appears to be an effort to put a cap on North Korea’s cyber crime operations. With groups like Bluenoroff formed in response to increased global sanctions on the country, it’s fair to wonder if the efforts will have any significant effect.