The United States Department of the Treasury’s Office of Foreign Assets Control (OFAC) has imposed strict sanctions on “Lazarus,” “Bluenoroff,” and “Andariel,” three North Korean state-run hacking groups that have allegedly hacked several bitcoin trading venues, banks and other financial institutions in an effort to fund the region’s nuclear weapons and ballistic missile programs, reports SiliconANGLE on September 15, 2019.
Three’s a Crowd
As part of efforts to cripple the operations of the Reconnaissance General Bureau (RGB), North Korea’s primary intelligence bureau and the agency in charge of the country’s malicious cyber activities and its trade in deadly firearms and missiles, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has sanctioned the Lazarus, Bluenoroff and Andariel hacking groups.
Per sources close to the matter, the hacking groups have carried out numerous attacks on cryptocurrency exchanges, international shipping companies, and global financial institutions, pumping hundreds of millions generated through these illicit activities into North Korea’s nuclear weapons and missile program.
In a press release on September 13, 2019, Sigal Mandelker, Treasury Under Secretary for Terrorism and Financial Intelligence, declared that:
“Treasury is taking action against North Korean hacking groups that have been perpetrating cyber attacks to support illicit weapon and missile programs. We will continue enforcing existing U.S. and UN sanctions against North Korea and collaborate with international agencies to improve the cybersecurity of financial networks.”
Mode of Operation
Reportedly, the Lazarus Group, which was created by the North Korean Government in 2007, is the most vicious of the three hacking groups.
Lazarus allegedly masterminded the 2.0 ransomware attack of December 2017, which shut down more than 300k computers around the globe, including the entire systems of the U.K.’s National Health Service (NHS) and others.
In October 2018, research reports released by cybersecurity and threat intelligence firm, Group-IB, revealed that Lazarus had succeeded in stealing about $571 million worth of bitcoin and altcoins from cryptocurrency exchanges through high-profile hacks.
Notably, the Treasury Department has revealed that Bluenoroff and Andariel are sub-groups of Lazarus Group.
Bluenoroff was reportedly created by North Korea in a bid to earn illicit revenues to survive the U.S. sanctions and also generate funds for the nation’s ballistic missile projects.
Bluenoroff is alleged to have successfully carried out phishing and backdoor intrusion attacks on more than 16 organizations across 11 countries, including cryptocurrency exchanges, banks, and more.