U.S. Department of Treasury imposes sanctions targeting three North-Korean hacking groups

• The three threat actor groups are Lazarus, Bluenoroff, and Andariel.
• OFAC believes that these groups are controlled by Pyongyang’s primary intelligence bureau, Reconnaissance General Bureau (RGB).

The Office of Foreign Assets Control (OFAC) has identified three North-Korean hacking groups that are responsible for widespread attacks on critical infrastructures. The three threat actor groups are Lazarus, Bluenoroff, and Andariel. OFAC believes that these groups are controlled by Pyongyang’s primary intelligence bureau, Reconnaissance General Bureau (RGB). Hence, it has effectively demanded that global banks should block any transactions related to the groups.

What are the targets?

These groups are known for conducting large scale attacks against the government, military, financial, manufacturing, publishing, media, entertainment, and international shipping companies.

“Treasury is taking action against North Korean hacking groups that have been perpetrating cyberattacks to support illicit weapon and missile programs,” said Sigal Mandelker, Treasury Under Secretary for Terrorism and Financial Intelligence.

About Lazarus group

Lazarus is the largest and best known of all three. It has been blamed for the destructive attack on Sony Pictures Entertainment in 2014 and the WannaCry ransomware breakout in May 2016.

The group operates under the highest authority of the RGB and has access to most resources. Treasury officials said the Lazarus Group is a subordinate to the 110th Research Center under the 3rd Bureau of the RGB.

The financial losses caused by this group are unknown, but their operations make them the most dangerous and well-known of the three.

About Bluenoroff group

Bluenoroff group was formed by the North Korean government to earn revenue illicitly in response to increased global sanctions. The group conducts malicious cyber activity in the form of cyber-enabled heists against foreign institutions on behalf of the North Korean regime to generate revenue. This funding is later invested in nuclear weapons and ballistic missile programs.

Since 2014, the group has conducted cyber-heists against banks in Bangladesh, India, Mexico, Pakistan, Philippines, South Korea, Taiwan, Turkey, Chile, and Vietnam.

About Andariel group

This group has been active since 2015. According to Treasury officials, the group often mixes cyber-espionage with cybercrime operations. They have often been targeting South Korea’s government and infrastructure with an aim to collect information and to create disorder.

They have also been observed stealing bank card information by hacking into ATMs to withdraw cash or steal customer information, which could be later sold on the black market. Furthermore, Andariel is also responsible for developing and creating unique malware to hack into online poker and gambling sites to steal cash.

Worth noting

“According to industry and press reporting, these three state-sponsored hacking groups likely stole around $571 million in cryptocurrency alone, from five exchanges in Asia between January 2017 and September 2018,” OFAC said in a press release.

Following the discovery, OFAC has blocked all property and interests which are in favor of these entities. It has also prohibited U.S. citizens from doing any business with these groups.