

The U.S. Department of Treasury imposed sanctions against three North Korean hacking groups on Friday in the latest crackdown targeting hacking from the rouge state.
The hacking groups are alleged to have stolen hundreds of millions from global financial institutions, with the money being funneled back for use by North Korea in the development of weapons and missile programs. Those attacks include the targeting of banks, ATM networks, cryptocurrency exchanges, gambling sites and even online casinos.
The sanctioned hacking groups were named as Bluenoroff, Andarial and the Lazarus Group. The department said all three operated on orders from the North Korea’s Reconnaissance General Bureau, the country’s main intelligence body.
Of the three, the Lazarus Group is by far the best-known. The hacking group has a long history of hacking high-profile targets. Also linked to the WannaCry ransomware in 2017, the group is believed to have been involved with the hack of Sony Corp. in 2014 as well as attempts to hack South Korean cryptocurrency exchanges in 2016. It most recently made headlines in February 2018 when it launched a new campaign targeting banks and bitcoin users.
The other two groups are not as well-known. According to Wikipedia, both Bluenorff and Andarial are “units” of the Lazarus Group, though Treasury officials refer to them as “sub-groups.” In a statement, the Department said Bluenoroff had been created to specifically hack banks and financial institutions.
“Bluenoroff conducts malicious cyber activity in the form of cyber-enabled heists against foreign financial institutions on behalf of the North Korean regime to generate revenue, in part, for its growing nuclear weapons and ballistic missile programs,” the department said.
Andariel is said to have established to focus on malicious cyberattacks targeting foreign businesses, government agencies, financial services infrastructure, private corporations and businesses as well as the defense industry. The unit seeks to gain cash for the North Korean government as well as target the South Korean government and South Korean military to gather intelligence.
Given that all three operate within North Korea, the sanctions will more than likely have zero influence on their activities. But if they are stupid enough to have assets in the U.S., then the Treasury sanctions allows them to seized. Possibly the more serious part of the sanctions is that they extend to anyone who does business with the groups as well.
“Furthermore, any foreign financial institution that knowingly facilitates a significant transaction or provides significant financial services for any of the entities designated today could be subject to U.S. correspondent account or payable-through sanctions,” the department said.
THANK YOU