US Sanctions Against N. Korean Hacking Groups

Uploaded on 2019-09-23 in GOVERNMENT-National, FREE TO VIEW, INTELLIGENCE-Hot Spots-North Korea, INTELLIGENCE--USA, TECHNOLOGY--Hackers

The United States Treasury Department recently announced sanctions against three state-sponsored North Korean hacking groups that have been cyberattacking some US critical infrastructureThese hacking groups have also been accused of stealing possibly hundreds of millions of dollars from financial institutions around the world in order to fund the North Korean illicit weapons and missile programs. 

The three North Korean hacking groups in question are the well-known Lazarus Group, and its two sub-groups, Bluenoroff and Andariel.

The sanctions announced by the Treasury Department's Office of Foreign Assets Control (OFAC) claim that all the three groups are "agencies, instrumentalities, or controlled entities of the Government of North Korea" based on their relationship with Pyongyang's central intelligence bureau called the Reconnaissance General Bureau (RGB).

Specifically, the sanctions aim to lock any foreign financial institution who knowingly facilitated significant transactions or services for these hacking groups and freeze any asset associated with these three groups.

Hidden Cobra
The well-known group out of all is Lazarus Group, also known as Hidden Cobra and Guardians of Peace, that has allegedly been associated with several high-profile cyber-attacks, including Sony Pictures hack in 2014 and the WannaCry attack in 2017.

According to the Treasury's OFAC, the WannaCry attack hit several organizations in at least 150 countries, including the United States, Australia, Canada, New Zealand, and the United Kingdom, and shut down about 300,000 computers.
However, the fatal Wannacry hit was against the UK's National Health Service (NHS), with hospitals that provide intensive care units and other emergency services virtually shut down and over 19,000 appointments canceled, which cost the NHS more than $112 million.

The US Department of Justice last year also announced criminal charges against a N. Korean computer programmer, named Park Jin Hyok, in connection with the WannaCry ransomware attacks and Sony Pictures hack.

Bluenoroff
According to the Treasury Department, the Lazarus group formed its first sub-group, called Bluenoroff, specifically to obtain revenue for the North Korean government by targeting financial institutions around the world.

Since at least 2014, Bluenoroff had targeted the Society for Worldwide Interbank Financial Telecommunication (SWIFT), financial institutions, and cryptocurrency exchanges, using a variety of tactics like phishing and backdoor intrusions.
The group had successfully carried out such operations against over 16 organisations across 11 countries, including Bangladesh, India, Mexico, Pakistan, Philippines, South Korea, Taiwan, Turkey, Chile, and Vietnam.

Bluenoroff's most notorious cyber-attack involving SWIFT being against the Central Bank of Bangladesh's New York Federal Reserve in 2016, when the group worked with Lazarus Group to take $81m from the Reserve account, while it attempted to steal $851m. 

Anadriel 
The second Lazarus Group sub-group, Andariel, has been specialised in conducting malicious cyber operations against foreign businesses, government agencies, financial services, private corporations, and the defense industry. 

Andariel was "observed by cyber-security firms attempting to steal bank card information by hacking into ATMs to withdraw cash or steal customer information to later sell on the black market," the Treasury said.The Treasury also said Andariel hackers created unique malware to hack online poker and gambling sites to steal cash. However, besides its criminal activities, Andariel continues to conduct cyber-attacks against South Korea government personnel and the South Korean military in an effort to gather intelligence and create disorder.

"One case spotted in September 2016 was a cyber intrusion into the personal computer of the South Korean Defense Minister in the office at that time and the Defense Ministry's intranet in order to extract military operations intelligence," the US Treasury said.

In addition, these three state-sponsored hacking groups likely managed to steal around $571 million in cryptocurrency alone, from at least five cryptocurrency exchanges in Asia between January 2017 and September 2018. 

The sanctioning of the three groups are the latest efforts of the US government to hold North Korean hackers accountable for cyber-attacks and to protect US financial systems and critical infrastructure against cyber-threats.

The Hacker News

You Might Also Read:

America Remains Vulnerable To Cyber Attack:

N. Korea Employs Grads For Cyber Warfare:

 

 

« Will Robots Be Allowed To Kill?
AI Is Changing The Cyber Security Landscape »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Paraben

Paraben

Paraben provides digital forensics solutions for mobile devices, smartphones, email, hard drives, and gaming system.

USNA Center for Cyber Security Studies

USNA Center for Cyber Security Studies

The mission of the Center for Cyber Security Studies is to enhance the education of midshipmen in all areas of cyber warfare.

National Crime Agency (NCA) - United Kingdom

National Crime Agency (NCA) - United Kingdom

The NCA's Cyber Crime Unit focuses on critical cyber incidents in the UK as well as longer-term activity against the criminals and the services on which they depend.

Cyberra Legal Services (CLS)

Cyberra Legal Services (CLS)

Cyberra Legal Services provides cyber law advisory, cyber crime consultancy, cyber law compliance audit, cyber security, cyber forensics and cyber training services.

sayTEC

sayTEC

sayTEC's mission is to develop and deliver next-generation products and services in encrypted data and voice transmission.

SecureAppbox

SecureAppbox

SecureAppbox provide solutions that protects the communication of sensitive data as well as advice on data security and compliance with GDPR.

XM Cyber

XM Cyber

XM Cyber is a leading hybrid cloud security company that’s changing the way innovative organizations approach cyber risk.

Internet Infrastructure Investigation

Internet Infrastructure Investigation

Internet Infrastructure Investigation offers a bespoke Internet Governance Solution to your brands online infringement problems.

Quantum Xchange

Quantum Xchange

As the provider of unbreakable quantum-safe encryption, Quantum Xchange gives commercial enterprises and government agencies the ultimate defense to keep high-value data safe.

CybX Security LLC

CybX Security LLC

CybX is the first company of its kind to merge the practice of computer forensics with computer security and information security.

Blue Lance

Blue Lance

Blue Lance is a global provider of cybersecurity governance solutions. Our software solutions automatically collect and store the information necessary for investigations, audit and compliance.

Lunio

Lunio

Lunio makes the internet a safer and more reliable place for everyone trying to grow their business by automatically getting rid of fake clicks, traffic, and leads on all ad platforms.

Sec-Ops

Sec-Ops

Sec-Ops is a forward thinking cyber security company, formed by a group of security enthusiasts with years of experience and backgrounds in the technology and the government industries.

Zeron

Zeron

Zeron build bridges between security teams and top management. Our platform unifies your cyber risk posture seamlessly, encompassing threat insights and quantifiable risk scenarios.

Oxygen Technologies

Oxygen Technologies

Oxygen Technologies is a business systems strategy and integration company offering a variety of solutions to give our clients ways to work smarter not harder.

BCX

BCX

BCX, a subsidiary within Telkom Group, is one of Africa’s largest systems integrator and digital transformation partners for enterprises and public sector organisations.