US Puts Sanctions on N.Korea Hacking Groups Behind Major Thefts

The US Treasury on Friday placed sanctions on three North Korea government-sponsored hacking operations which it said were behind the theft of possibly hundreds of millions of dollars and destructive cyber-attacks on infrastructure.

The Treasury said the three groups — dubbed Lazarus Group, Bluenoroff and Andariel — were behind major thefts from financial institutions and cryptocurrency exchanges, as well as the 2018 WannaCry hack that crippled Britain’s National Health Service.

All three are tied to the Reconnaissance General Bureau, Pyongyang’s main intelligence bureau, and are behind numerous malicious computer viruses as well as attempts to steal billions of dollars online to fund the North Korean government, the Treasury said.

“Treasury is taking action against North Korean hacking groups that have been perpetrating cyber attacks to support illicit weapon and missile programs,” said Sigal Mandelker, Treasury Under Secretary for Terrorism and Financial Intelligence.

“We will continue to enforce existing US and UN sanctions against North Korea and work with the international community to improve cybersecurity of financial networks,” she said in a statement.

Created in 2007, Lazarus group has been known for years. It was behind the malicious hack of Sony Pictures in 2014, as well as the WannaCry ransomware that spread to at least 150 countries in 2017.

The heaviest hit was Britain’s public health system, with hospitals virtually shut down and thousands of patients turned away, ultimately costing the government more than $112 million.

Bluenoroff was formed specifically to obtain revenue for the North Korean government, the Treasury said.

By hijacking the global banking transfer system SWIFT, by 2018 it had made attempts online to steal more than $1.1 billion from financial institutions.

Its biggest success, together with Lazarus, was the $80 million heist from Bangladesh’s central bank.

Andariel specializes in targeting businesses, government agencies and individuals. It has been known to steal bank card information and hack into ATMs, and to steal bank customer information to sell on the black market.

The Treasury said Andariel created unique malware to hack online gambling and poker sites.

The Treasury also cited online accounts to say the three groups “likely” stole $571 million in cryptocurrency from five Asian exchanges in 2017 and 2018.

The sanctions aim to lock anyone involved with the groups out of the global financial system and empower the US government to freeze any assets held under US jurisdiction.

In September 2018 the FBI charged North Korean Park Jin Hyok, allegedly a member of the Lazarus group, with conspiracy for multiple cyberattacks including the Sony Pictures attacks and the theft from the Central Bank of Bangladesh.

Written By

AFP 2023
