North Korea hackers face US sanctions over crypto thefts

Getting your Trinity Audio player ready...

North Korea has been identified as the source of attacks on cryptocurrency exchanges, resulting in the losses of as much as $2 billion, if not more. The country has denied any involvement, but it’s difficult to believe virtually anything from a regime that is known for its atrocities against its people, including several alleged high-profile executions for what could only be equated to the severity of jaywalking. The U.S. Department of the Treasury (DoT) is so convinced that North Korea was involved that it has now issued new sanctions against a handful of cyber groups it says conducted the hacks.

The DoT issued a press release at the end of last week in which it states that its Office of Foreign Assets Control (OFAC) had placed sanctions against three state-sponsored groups in North Korea. It identified the three as Lazarus Group, already a well-known organized hacking team in the country, Andariel and Bluenoroff. All three, asserts OFAC, were working at the behest of the North Korean dictator, Kim Jong-un.

The DoT’s Under Secretary for Terrorism and Financial Intelligence, Sigal Mandelker, added in the release, “Treasury is taking action against North Korean hacking groups that have been perpetrating cyber attacks to support illicit weapon and missile programs. We will continue to enforce existing U.S. and UN sanctions against North Korea and work with the international community to improve cybersecurity of financial networks.”

Lazarus has been identified on numerous occasions as having led attacks on different institutions, including military, financial, government, entertainment and manufacturing entities. It has conducted cyber espionage, theft of money and data and introduced destructive malware as it seeks to disrupt daily operations around the globe. Lazarus has been traced back to the North Korean government and has been found to have been created by the regime as early as 2007.

The other two entities are reportedly subordinate groups of Lazarus. Bluenoroff is said to have been created by the government in order to steal money as a result of increased sanctions and the group conducts cyber attacks on financial institutions to support the regime. The DoT asserts that, by 2018, “Bluenoroff had attempted to steal over $1.1 billion dollars from financial institutions and, according to press reports, had successfully carried out such operations against banks in Bangladesh, India, Mexico, Pakistan, Philippines, South Korea, Taiwan, Turkey, Chile, and Vietnam.”

Andariel first appeared on the cyber radar in 2015 and goes after foreign business, private corporations, financial services and government agencies. It has a penchant for South Korean targets, routinely going after them as it attempts to steal money and data and generally create havoc in that country.

Placing the groups on the sanctions list is more than just a political strategy. If anyone in the U.S. is found to be tied to any of the groups, that person could be tried for supporting terrorism. The relationship can be as simple as facilitating monetary transactions or as complex as establishing real estate holdings in the U.S. or any of its territories.