The US Department of State has announced that it is offering up to $10 million as a reward for information on individuals associated with notorious North Korean state-sponsored hacking groups.
The US government says it is interested in information on hackers that are part of the advanced persistent threat (APT) actors known as Lazarus Group, Bluenoroff, Andariel, APT38, Guardians of Peace, and Kimsuky.
“If you have information on any individuals associated with North Korean government-linked malicious cyber groups (such as Andariel, APT38, Bluenoroff, Guardians of Peace, Kimsuky, or Lazarus Group) and who are involved in targeting US critical infrastructure in violation of the Computer Fraud and Abuse Act, you may be eligible for a reward,” the State Department announced this week.
‘Lazarus’ is the commonly used term when referring to the cyber activities of North Korean hackers, including cyberespionage, cryptocurrency heists, and financially motivated operations. The US government refers to this activity cluster as ‘Hidden Cobra’.
Lazarus has been blamed for various high-profile cyberattacks, including the recent Ronin $600 million cryptocurrency heist and the $100 million hack of Harmony’s Horizon Bridge.
Andariel, Bluenoroff, and Guardians of Peace are believed to be subgroups within Lazarus/Hidden Cobra. ‘APT38’ is another term used to describe the same activities.
The $10 million reward for Lazarus hackers comes roughly three months after the US government announced it was offering $5 million for information that would help disrupt financial mechanisms of entities offering financial support to the North Korean government.
Last year, the US government stepped up its efforts against ransomware and other cyber threats by offering rewards of up to $10 million for information on any hacker conducting malicious operations against critical infrastructure.
In April this year, the Department of State underlined its interest in rewarding individuals offering information on Russian intelligence officers responsible for the 2017 NotPetya attack.
Related: North Korea APT Lazarus Targeting Chemical Sector
Related: US Puts Sanctions on N.Korea Hacking Groups Behind Major Thefts
Related: USCYBERCOM Shares More North Korean Malware Samples