According to a press release published on September 13th, the U.S. Department of the Treasury is sanctioning three North Korean state-sponsored malicious cyber groups, known by the names of Andariel, the Lazarus Group and Bluenoroff. All have targeted and employed cryptocurrency for their nefarious purposes.
In a statement released by the department, the Treasury’s Under Secretary for Terrorism and Financial Intelligence, Sigal Mandelker, commented:
“Treasury is taking action against North Korean hacking groups that have been perpetrating cyberattacks to support illicit weapon and missile programs.”
Mandelker threatened further sanctions in accordance with the laws set by the U.S. and UN, to ensure that the country's financial networks have strong cyber-security.
All three of the stated groups have a history of malicious online activity. Established in 2007 by a North Korean company, the Lazarus Group has been part of multiple cyber-attacks in the U.S., Canada and the UK. One of its famous cyber-attacks was a well-documented attack on SPE (Sony Pictures Entertainment), back in 2014.
It was also behind the infamous WannaCry 2.0 ransomware attack of 2017. WannaCry was responsible for shutting down around 300,000 computers around the world, affecting 150 countries in total. One of its major victims was the UK’s National Health Service (NHS).
Bluenoroff was a sub-group of the Lazarus Group, and was created by the North Korean government to generate extra revenue by carrying out cyber-attacks on international financial firms and crypto exchanges. It was reported that by 2018, Bluenoroff had targeted financial institutions and banks in countries like India, Pakistan, Mexico, Bangladesh, Vietnam, Chile, Taiwan, Turkey, South Korea and the Philippines, and had attempted to steal approximately $1.1 billion.
These two groups, Bluenoroff and Lazarus, have previously worked together to target the Central Bank of Bangladesh in an attempt to steal $851 million from the bank. They were able to steal funds worth $80 million, before a typographical error alerted the bank.
Another sub-group of Lazarus, Andariel, has been involved in attempting to hack into ATMs to steal personal information and credit card numbers of the users. It is also famous for creating malware that can attack online poker and gambling sites.
Interestingly, these groups are highly active in the cryptocurrency sphere. According to reports, these three groups are responsible for stealing approximately $571 million worth of cryptocurrency in Asia from January 2017 to September 2018.
According to the new sanctions imposed by the U.S. government, all properties owned by these entities are now blocked and must be reported to the government. All dealings with these groups are now prohibited.