US Treasury sanctions three North Korean hacking groups
One firm is believed to be behind the 2014 cyber attack against Sony
Three North Korean hacking groups suspected of perpetrating cyber attacks around the world were placed on a US sanctions list on Friday, drawing attention to the isolated nation's illegal efforts to fund its nuclear and ballistic missile programs.
The Treasury Department said the so-called Lazarus Group, Bluenoroff and Andariel are controlled by the North Korean government. It said Lazarus Group was behind the devastating WannaCry ransomware, which froze 300,000 computers across 150 countries in 2017, and the destructive cyber attack against Sony Pictures Entertainment in 2014.
The US government's action makes it easier to seize any assets the hacking groups may have within the jurisdiction of American financial institutions, though such assets are likely to be limited, if they exist at all.
It may also have been intended to send a message and bring North Korea's behaviour into the light, said John Hultquist, director of intelligence analysis at cybersecurity firm FireEye.
"(T)hat's important because this isn't about two governments, this is about North Korea and the private financial sectors of countries all around the world," Mr Hultquist said. "It's important to put a flag on it and get this information out there, even if it will come to no avail."
UN experts have recently delved into North Korean use of cyber attacks to illegally raise money for weapons of mass destruction programs, investigating at least 35 instances in 17 countries. They have called for sanctions against ships providing gasoline and diesel to the country.
A summary of a UN experts report found that North Korea illegally acquired as much as $2 billion from its increasingly sophisticated cyber activities against financial institutions and cryptocurrency exchanges.
Lazarus Group, according to the US, has targeted government, military and financial institutions, manufacturing, international shipping, media and entertainment, as well as critical infrastructure, using cyber espionage, data theft, and other methods. Along with Bluenoroff, it stole roughly $80 million from the Central Bank of Bangladesh's New York Federal Reserve account.
The US believes Bluenoroff was created by North Korea to raise money in the face of increased global sanctions. The group has used phishing and backdoor intrusions to steal money from foreign financial institutions, targeting more than 16 organisations across 11 countries.
By 2018, the group is believed to have tried to steal more than $1.1 billion, and successfully stole from banks in Bangladesh, India, Mexico, Pakistan, the Philippines, South Korea, Taiwan, Turkey, Chile, and Vietnam.
Jim Langevin, a Rhode Island Democrat who co-chairs the Congressional Cybersecurity Caucus, said the WannaCry ransomware attacks and hacking of the SWIFT interbank messaging systems were both major incidents targeting critical civilian infrastructure.
"Responsible nations do not engage in this kind of destabilising behaviour, and we must take action to hold irresponsible states accountable," said Langevin, who sits on the House Armed Services and Homeland Security committees.
The third hacking group, Andariel, partly focused on hacking South Korea's government and infrastructure, the US said. It also developed malware to hack online poker and gambling sites and tried to steal bank card information by hacking ATMs.
All three groups likely stole around $571 million in cryptocurrency from five exchanges in Asia between January 2017 and September 2018, according to the Treasury Department.
Updated: September 15, 2019 01:06 AM