Sanctions for North Korean hacking groups


The US Treasury announced sanctions on three North Korean hacking groups it said were involved in “WannaCry” ransomware attacks and hacking international banks and customer accounts.

It named the groups as Lazarus Group, Bluenoroff and Andariel and said they were controlled by the RGB, North Korea’s primary intelligence bureau, already subject to US and United Nations sanctions.

The action blocks any US-related assets of the groups and prohibits dealings with them. The Treasury statement said any foreign financial institution knowingly facilitating significant transactions or services for them could be subject to sanctions.

“Treasury is taking action against North Korean hacking groups perpetrating cyber-attacks to support illicit weapon and missile programmes,” said Sigal Mandelker, Treasury under-secretary for Terrorism and Financial Intelligence.

“We will continue enforcing existing US and UN sanctions against North Korea and work with the international community to improve cybersecurity of financial networks.”

The United States is attempting to restart talks with North Korea, aimed at pressing the country to give up nuclear weapons. The talks stalled over North Korean demands for concessions, including sanctions relief.

Earlier this month, North Korea denied UN allegations it obtained $2 billion through cyberattacks on banks and cryptocurrency exchanges and accused the United States of spreading rumours.

The Treasury statement said Lazarus Group was involved in the WannaCry ransomware attack that the United States, Australia, Canada, New Zealand and the United Kingdom publicly attributed to North Korea in December 2017.

It said WannaCry affected at least 150 countries and shut down about 300 000 computers, many in Britain’s National Health Service (NHS). The NHS attack led to the cancellation of more than 19 000 appointments and ultimately cost the service over $112 million, making it the biggest known ransomware attack in history.

The Treasury said Lazarus Group was directly responsible for 2014 cyber-attacks on Sony Pictures Entertainment.

The statement cited industry and press reporting as saying that, by 2018, Bluenoroff had attempted to steal over $1.1 billion from financial institutions and had successfully carried out operations against banks in Bangladesh, India, Mexico, Pakistan, Philippines, South Korea, Taiwan, Turkey, Chile and Vietnam.

It said Bluenoroff worked with Lazarus Group to steal approximately $80 million from the Central Bank of Bangladesh’s New York Federal Reserve account.

Andariel was observed by cyber security firms attempting to steal bank card information by hacking into ATMs to withdraw cash or steal customer information to sell on the black market, the statement said.

Andariel was responsible for developing and creating malware to hack into online poker and gambling sites and, according to industry and press reporting, targeted the South Korea government military in an effort to gather intelligence, it said.