
US authorities impose sanctions on North Korean hack groups Lazarus, Bluenoroff and Andarial

The US Treasury has announced that it is imposing sanctions on three groups of “governmental” hackers from North Korea (Lazarus, Bluenoroff and Andarial), which carried out a number of devastating attacks on critical US infrastructure and stole hundreds of millions of dollars from financial institutions around the world.

U.S. authorities claim that the North Korean government can use the stolen funds to finance weapons programs and create missiles.

“The ministry is taking action against cybercriminals that participate in the attacks, which result in financial support of illicit weapons programs,” said Sigal Mandelker, Deputy Minister of Finance for Terrorism and Financial Intelligence.

The sanctions imposed by the U.S. Foreign Assets Control Office are designed to block any foreign financial institutions that knowingly facilitate large transactions or provide other services to these hack groups, as well as freeze any assets associated with them.


The most famous of the three hack groups is undoubtedly Lazarus, aka Hidden Cobra. It is believed to be the largest one and to operate under the direct supervision of the Main Intelligence Directorate of North Korea.

The most famous campaigns attributed to this group are the hacking of Sony Pictures Entertainment in 2014 and the WannaCry ransomware epidemic in 2016.

However, Treasury officials say Lazarus also targets state, military, financial, manufacturing, publishing, media, entertainment, and shipping companies, as well as critical infrastructure.

The second group, Bluenoroff (aka APT38 or Stardust Chollima), was, according to US authorities, created specifically for hacking banks and financial institutions, as a kind of response by the North Korean government to the strengthening of global sanctions.

Since 2014, this group has robbed a number of financial institutions in Bangladesh, India, Mexico, Pakistan, the Philippines, South Korea, Taiwan, Turkey, Chile and Vietnam.


The most famous hack to Bluenoroff's name remains the attempt to steal a billion dollars from the Central Bank of Bangladesh, which failed due to a typo.

The third group, Andarial, has been active since 2015 and, according to Treasury officials, often mixes cyber espionage with other operations. It is reported that this hack group often attacks South Korea’s infrastructure “to collect information and provoke unrest”, but it has also participated in the theft of bank card data, hacked ATMs to extract cash, and stolen user data for subsequent sale on the black market.

In addition, Andarial is developing unique malware to compromise online poker and other gambling sites.
Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.
