Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cyberwarfare

US Puts Sanctions on N.Korea Hacking Groups Behind Major Thefts

The US Treasury on Friday placed sanctions on three North Korea government-sponsored hacking operations which it said were behind the theft of possibly hundreds of millions of dollars and destructive cyber-attacks on infrastructure.

The US Treasury on Friday placed sanctions on three North Korea government-sponsored hacking operations which it said were behind the theft of possibly hundreds of millions of dollars and destructive cyber-attacks on infrastructure.

The Treasury said the three groups — dubbed Lazarus Group, Bluenoroff and Andariel — were behind major thefts from financial institutions and cryptocurrency exchanges, as well as the 2018 WannaCry hack that crippled Britain’s National Health Service.

All three are tied to the Reconnaissance General Bureau, Pyongyang’s main intelligence bureau, and are behind numerous malicious computer viruses as well as attempts to steal billions of dollars online to fund the North Korean government, the Treasury said.

“Treasury is taking action against North Korean hacking groups that have been perpetrating cyber attacks to support illicit weapon and missile programs,” said Sigal Mandelker, Treasury Under Secretary for Terrorism and Financial Intelligence.

“We will continue to enforce existing US and UN sanctions against North Korea and work with the international community to improve cybersecurity of financial networks,” she said in a statement.

Created in 2007, Lazarus group has been known for years. It was behind the malicious hack of Sony Pictures in 2014, as well as the WannaCry ransomware that spread to at least 150 countries in 2017.

The most heaviest hit was Britain’s public health system, with hospitals virtually shut down and thousands of patients turned away, costing the government ultimately more than $112 million.

Bluenoroff was formed specifically to obtain revenue for the North Korean government, the Treasury said.

By hijacking the global banking transfer system SWIFT, by 2018 it had made attempts online to steal more that $1.1 billion from financial institutions.

Its biggest success, together with Lazarus, was the $80 million heist from Bangladesh’s central bank.

Andariel specializes in targeting businesses, government agencies and individuals. It has been known to steal bank card information and hack into ATMs, and to steal bank customer information to sell on the black market.

The Treasury said Andariel created unique malware to hack online gambling and poker sites.

The Treasury also cited online accounts to say the three groups “likely” stole $571 million in cryptocurrency from five Asian exchanges in 2017 and 2018.

The sanctions aim to lock anyone involved with the groups out of the global financial system and empower the US government to freeze any assets held under US jurisdiction.

In September 2018 the FBI charged North Korean Park Jin Hyok, allegedly a member of the Lazarus group, with conspiracy for multiple cyberattacks including the Sony Pictures attacks and the theft from the Central Bank of Bangladesh.

Written By

AFP 2023

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Nation-State

FBI says a North Korea-linked threat group known as Lazarus and APT38 is behind the $100 million Horizon bridge cryptocurrency heist.

Nation-State

The North Korean APT tracked as TA444 is either moonlighting from its previous primary purpose, expanding its attack repertoire, or is being impersonated by...

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

Cybercrime

Artificial intelligence is competing in another endeavor once limited to humans — creating propaganda and disinformation.

Incident Response

Cygnvs emerges from stealth mode with an incident response platform and $55 million in Series A funding.

Management & Strategy

Microsoft making a multiyear, multibillion dollar investment in the artificial intelligence startup OpenAI, maker of ChatGPT and other tools.