US sanctions three North Korean groups linked with multi-million dollar cyber attacks worldwide

These groups receive orders from North Korea's intelligence agency, the Reconnaissance General Bureau, says the US Treasury

The US Treasury has sanctioned three hacking groups linked with North Korea, claiming that they were behind the theft of millions of dollars from financial institutions worldwide to help fund Pyongyang's weapons programme.

The officials claimed that three hacking groups - given the names Lazarus, Bluenoroff and Andariel - have been behind a wave of cyber attacks targeting critical infrastructure, espionage in a bid to purloin military technology, and efforts to raise funds for North Korea's nuclear weapons and missile programmes. These groups receive orders from North Korea's intelligence agency, the Reconnaissance General Bureau (RGB).

The move highlights the US federal government's intention to identify the financial trail of cyber crime, especially that carried out by hostile nations. Legally, the move will make it easier to seize any assets that these groups may have within reach of US authorities.

The groups "likely stole around $571 million in cryptocurrency alone, from five exchanges in Asia between January 2017 and September 2018," the department claimed.

The largest and most notorious of these groups is Lazarus (also known as Hidden Cobra), which, according to US cyber-intelligence agencies, operates directly under the RGB's highest authority and also enjoys access to most resources.

Lazarus is linked to the 2014 cyber attack on Sony Pictures Entertainment. The attack was conducted in the run-up to the release of the comedy film "The Interview," about an inept assassination plot against North Korean leader Kim Jong-un.

However, the most destructive attack attributed to Lazarus was the WannaCry ransomware outbreak in 2017. The malware used a Windows exploit stolen from the US National Security Agency (NSA), which enabled the worm to spread quickly from one system to another without any user interaction. The attack affected nearly 300,000 computers in about 150 countries.

According to Treasury officials, Lazarus has targeted several government institutions, as well as financial, media, entertainment, manufacturing, publishing and shipping firms in multiple countries, using tactics that include destructive malware, money heists, cyberespionage, and data theft.

The Bluenoroff group (also known as APT38 or Stardust Chollima) was created to specifically target financial organisations in response to economic sanctions on North Korea.

During the past five years, Bluenoroff has carried out attacks on banks in India, Bangladesh, South Korea, Vietnam, Mexico, the Philippines, and several other countries, attempting to steal over $1.1 billion.

In 2018, the group tried to steal almost $1 billion from the central bank of Bangladesh, although it succeeded in getting away with 'only' around $80 million.

"Andariel" was first noticed in 2015 when it carried out attacks against several government and private organisations in South Korea. The group focuses on attacks targeting government agencies, financial services, and foreign businesses.

"Specifically, Andariel was observed by cyber security firms attempting to steal bank card information by hacking into ATMs to withdraw cash or steal customer information to later sell on the black market," the department claimed.

"Andariel is also responsible for developing and creating unique malware to hack into online poker and gambling sites to steal cash," it added.