U.S.Treasury Sanctions Three North Korean Hackers Group for Attacking on Critical Infrastructure

U.S. Department of the Treasury’s declare sanctions targeting three North Korean state-sponsored hacker group responsible for attacking Critical Infrastructure.

Office of Foreign Assets Control (OFAC) identified that three hacking groups namely “Lazarus Group,” “Bluenoroff,” and “Andariel” are controlled by North Korea’s primary intelligence bureau.

These groups are known for conducting large scale attack targeting government, military, financial, manufacturing, publishing, media, entertainment, and international shipping companies, as well as critical infrastructure

“Treasury is taking action against North Korean hacking groups that have been perpetrating cyberattacks to support illicit weapon and missile programs,” said Sigal Mandelker, Treasury Under Secretary for Terrorism and Financial Intelligence.

Cyber Attacks by North Korean Groups

The Lazarus Group was created as early as 2007, the group involved in massive hack attacks such as 2014 attack on Sony and WannaCry ransomware attack which affected more than 150 countries.

The group also responsible for 2016 Bangladeshi bank attacks and they illegally transfer US $81 Million by placing a custom malware in bank servers.

A subgroup of Lazarus Group dubbed Bluenoroff created the North Korean government to earn revenue illegally by attacking financial institutions and banks.

The Bluenoroff group work together with Lazarus Group and conducted attacks targeting more than 16 organizations across 11 countries including SWIFT messaging system and cryptocurrency exchanges.

The second sub-group of Lazarus Group is Andariel, it was spotted first on 2015 and it conducts malicious activities targeting foreign businesses, government agencies, financial services infrastructure, private corporations, and businesses, as well as the defense industry.

Andariel group focuses on stealing payment cards and hacking into ATMs to withdraw cash and to steal customer information.

“According to industry and press reporting, these three state-sponsored hacking groups likely stole around $571 million in cryptocurrency alone, from five exchanges in Asia between January 2017 and September 2018.”

Actions Taken

OFAC blocked all property and interests in property of these entities within the control of united states and prohibits U.S. citizens from doing any business with these groups.

“Treasury is taking action against North Korean hacking groups that have been perpetrating cyberattacks to support illicit weapon and missile programs,” said Sigal Mandelker, Treasury Under Secretary for Terrorism and Financial Intelligence.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates.