Security Experts:

Connect with us

Hi, what are you looking for?



US Puts Sanctions on N.Korea Hacking Groups Behind Major Thefts

The US Treasury on Friday placed sanctions on three North Korea government-sponsored hacking operations which it said were behind the theft of possibly hundreds of millions of dollars and destructive cyber-attacks on infrastructure.

The US Treasury on Friday placed sanctions on three North Korea government-sponsored hacking operations which it said were behind the theft of possibly hundreds of millions of dollars and destructive cyber-attacks on infrastructure.

The Treasury said the three groups — dubbed Lazarus Group, Bluenoroff and Andariel — were behind major thefts from financial institutions and cryptocurrency exchanges, as well as the 2018 WannaCry hack that crippled Britain’s National Health Service.

All three are tied to the Reconnaissance General Bureau, Pyongyang’s main intelligence bureau, and are behind numerous malicious computer viruses as well as attempts to steal billions of dollars online to fund the North Korean government, the Treasury said.

“Treasury is taking action against North Korean hacking groups that have been perpetrating cyber attacks to support illicit weapon and missile programs,” said Sigal Mandelker, Treasury Under Secretary for Terrorism and Financial Intelligence.

“We will continue to enforce existing US and UN sanctions against North Korea and work with the international community to improve cybersecurity of financial networks,” she said in a statement.

Created in 2007, Lazarus group has been known for years. It was behind the malicious hack of Sony Pictures in 2014, as well as the WannaCry ransomware that spread to at least 150 countries in 2017.

The most heaviest hit was Britain’s public health system, with hospitals virtually shut down and thousands of patients turned away, costing the government ultimately more than $112 million.

Bluenoroff was formed specifically to obtain revenue for the North Korean government, the Treasury said.

By hijacking the global banking transfer system SWIFT, by 2018 it had made attempts online to steal more that $1.1 billion from financial institutions.

Its biggest success, together with Lazarus, was the $80 million heist from Bangladesh’s central bank.

Andariel specializes in targeting businesses, government agencies and individuals. It has been known to steal bank card information and hack into ATMs, and to steal bank customer information to sell on the black market.

The Treasury said Andariel created unique malware to hack online gambling and poker sites.

The Treasury also cited online accounts to say the three groups “likely” stole $571 million in cryptocurrency from five Asian exchanges in 2017 and 2018.

The sanctions aim to lock anyone involved with the groups out of the global financial system and empower the US government to freeze any assets held under US jurisdiction.

In September 2018 the FBI charged North Korean Park Jin Hyok, allegedly a member of the Lazarus group, with conspiracy for multiple cyberattacks including the Sony Pictures attacks and the theft from the Central Bank of Bangladesh.

Written By

AFP 2023

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...


WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...