US Sanctions Against N. Korean Hacking Groups

The United States Treasury Department recently announced sanctions against three state-sponsored North Korean hacking groups that have been cyberattacking some US critical infrastructureThese hacking groups have also been accused of stealing possibly hundreds of millions of dollars from financial institutions around the world in order to fund the North Korean illicit weapons and missile programs. 

The three North Korean hacking groups in question are the well-known Lazarus Group, and its two sub-groups, Bluenoroff and Andariel.

The sanctions announced by the Treasury Department's Office of Foreign Assets Control (OFAC) claim that all the three groups are "agencies, instrumentalities, or controlled entities of the Government of North Korea" based on their relationship with Pyongyang's central intelligence bureau called the Reconnaissance General Bureau (RGB).

Specifically, the sanctions aim to lock any foreign financial institution who knowingly facilitated significant transactions or services for these hacking groups and freeze any asset associated with these three groups.

Hidden Cobra
The well-known group out of all is Lazarus Group, also known as Hidden Cobra and Guardians of Peace, that has allegedly been associated with several high-profile cyber-attacks, including Sony Pictures hack in 2014 and the WannaCry attack in 2017.

According to the Treasury's OFAC, the WannaCry attack hit several organizations in at least 150 countries, including the United States, Australia, Canada, New Zealand, and the United Kingdom, and shut down about 300,000 computers.
However, the fatal Wannacry hit was against the UK's National Health Service (NHS), with hospitals that provide intensive care units and other emergency services virtually shut down and over 19,000 appointments canceled, which cost the NHS more than $112 million.

The US Department of Justice last year also announced criminal charges against a N. Korean computer programmer, named Park Jin Hyok, in connection with the WannaCry ransomware attacks and Sony Pictures hack.

Bluenoroff
According to the Treasury Department, the Lazarus group formed its first sub-group, called Bluenoroff, specifically to obtain revenue for the North Korean government by targeting financial institutions around the world.

Since at least 2014, Bluenoroff had targeted the Society for Worldwide Interbank Financial Telecommunication (SWIFT), financial institutions, and cryptocurrency exchanges, using a variety of tactics like phishing and backdoor intrusions.
The group had successfully carried out such operations against over 16 organisations across 11 countries, including Bangladesh, India, Mexico, Pakistan, Philippines, South Korea, Taiwan, Turkey, Chile, and Vietnam.

Bluenoroff's most notorious cyber-attack involving SWIFT being against the Central Bank of Bangladesh's New York Federal Reserve in 2016, when the group worked with Lazarus Group to take $81m from the Reserve account, while it attempted to steal $851m. 

Anadriel 
The second Lazarus Group sub-group, Andariel, has been specialised in conducting malicious cyber operations against foreign businesses, government agencies, financial services, private corporations, and the defense industry. 

Andariel was "observed by cyber-security firms attempting to steal bank card information by hacking into ATMs to withdraw cash or steal customer information to later sell on the black market," the Treasury said.The Treasury also said Andariel hackers created unique malware to hack online poker and gambling sites to steal cash. However, besides its criminal activities, Andariel continues to conduct cyber-attacks against South Korea government personnel and the South Korean military in an effort to gather intelligence and create disorder.

"One case spotted in September 2016 was a cyber intrusion into the personal computer of the South Korean Defense Minister in the office at that time and the Defense Ministry's intranet in order to extract military operations intelligence," the US Treasury said.

In addition, these three state-sponsored hacking groups likely managed to steal around $571 million in cryptocurrency alone, from at least five cryptocurrency exchanges in Asia between January 2017 and September 2018. 

The sanctioning of the three groups are the latest efforts of the US government to hold North Korean hackers accountable for cyber-attacks and to protect US financial systems and critical infrastructure against cyber-threats.

The Hacker News

You Might Also Read:

America Remains Vulnerable To Cyber Attack:

N. Korea Employs Grads For Cyber Warfare:

 

 

« Will Robots Be Allowed To Kill?
AI Is Changing The Cyber Security Landscape »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Cynet

Cynet

Cynet simplifies security by providing a rapidly deployed, comprehensive platform for detection, prevention and automated response to advanced threats with near-zero false positives.

ShmooCon

ShmooCon

ShmooCon is an annual east coast hacker convention offering three days of demonstrations and discussions of critical infosec issues.

Keyfactor

Keyfactor

Keyfactor is a leader in cloud-first PKI as-a-Service and crypto-agility solutions. Our Crypto-Agility Platform seamlessly orchestrates every key and certificate across the enterprise.

SecureMetric Technology

SecureMetric Technology

SecureMetric is one of SE Asia’s leading players in the field of digital security with a focus on Software Licensing Protection, 2-Factor Authentication, Advanced Identity and Access Management, Publi

ThreatSpike Labs

ThreatSpike Labs

ThreatSpike Labs provides the first end-to-end fully managed security service for companies of all sizes.

Kingsley Napley

Kingsley Napley

Cyber crime is an area of growing legal complexity. Our team of cyber crime lawyers have vast experience of the law in this area.

CultureAI

CultureAI

CultureAI deliver intelligent cyber security awareness education and tools that build resilient security cultures where employees help defend.

Marvell Technology Group

Marvell Technology Group

Marvell is a semiconductor company providing solutions for storage, processing, networking, security and connectivity.

Arc4dia Labs

Arc4dia Labs

Arc4dia have developed SNOW, a cyber security solution to combat the world’s most sophisticated cyber threats.

Infopercept Consulting

Infopercept Consulting

Infopercept is a leading cybersecurity company in India, providing a critical layer of security to protect business information, infrastructure & assets across the organization.

AlJammaz Technologies

AlJammaz Technologies

AlJammaz Technologies is the leading Technology Value-Added Distributor, which distributes advanced technology products, solutions and services in area including networking and cybersecurity.

Association of anti Virus Asia Researchers (AVAR)

Association of anti Virus Asia Researchers (AVAR)

AVAR's mission is to prevent the spread of and damage caused by malicious software, and to develop cooperative relationships among anti-malware experts in Asia.

Hub71

Hub71

Hub71 is a world-class tech ecosystem opening doors to global opportunities from an optimal business environment for entrepreneurial-minded innovators.

Rausch Advisory Services

Rausch Advisory Services

Rausch delivers solutions that address compliance, enterprise risk, information technology and human resource capital.

JLS Technology

JLS Technology

Since 2007, JLS Tech has been recognized as one of the world’s most innovative cybersecurity and technology operations leaders.

Harmonic Security

Harmonic Security

Harmonic Security helps companies to adopt Generative AI without risking the security and privacy of their data.