The United States is sanctioning three North
Korean hacking groups: the Lazarus Group,
Bluenoroff, and Andariel. The U.S. Department
of the Treasury claims the three groups are
behind a host of cyber attacks designed to
spy on adversaries and generate revenue for
Pyongyang’s controversial nuclear weapons
and ballistic missile programs. The sanctions
freeze all of the hacking groups’ property
and interests in the U.S., as well as those
of other entities that are owned 50 percent
or more by the three groups. They are controlled
by North Korea’s primary intelligence agency,
the Reconnaissance General Bureau, or RGB.
The RGB is already under U.S. and UN sanctions
as well. The U.S. seems to be keeping its
pressure campaign against the North while
seeking resumption of denuclearization talks.
This week Korea Now will look into the three
North Korean hacking groups and their main
hacking cases.
The best-known of the three sanctioned groups
is Lazarus, created by the North Korean government
as early as 2007. The FBI tied Lazarus to
the 2014 hack of Sony Pictures. It destroyed
data on thousands of company computers and
published embarrassing emails from company
executives to avenge a film depicting the
assassination of North Korea’s leader. But
the best-known work widely attributed to Lazarus
was the WannaCry ransom worm outbreak in 2017.
Within hours, WannaCry had spread to 150 countries
and shut down an estimated 300,000 computers.
The new sanctions also apply to two Lazarus
subgroups. The first is known as Bluenoroff
and the other is Andariel. In 2016, Andariel
hacked into the then-South Korean defense
minister’s personal computer and the Defense
Ministry’s intranet in order to extract
military operations intelligence. Meanwhile,
Bluenoroff was behind a 2016 hack on a Bangladesh
central bank that almost got away with stealing
US$851 million. A typographical error prevented
the illicit transaction from going through,
but the attackers still made off with US$81
million.
In addition, the three North Korean groups
have also targeted virtual asset providers
and cryptocurrency exchanges. According to
the Treasury, the three hacking groups likely
stole around US$571 million in cryptocurrency
from five exchanges in Asia between January
2017 and September 2018. A recent UN report
estimated that North Korean hacking has generated
US$2 billion for the country’s weapons of
mass destruction programs.
The latest Treasury measures come just days
after US President Donald Trump fired his
national security adviser John Bolton, known
for his hard-line stance against Pyongyang.
There had been speculation that Bolton's sacking
could signal Washington adopting a softer
stance toward North Korea. But the latest
announcement can be interpreted to the contrary.
The U.S. might want to keep its pressure against
the North while maintaining dialogue, leading
up to the resumption of their denuclearization
negotiations later this month. What are your
thoughts on this? Please let me know in the
comments below and thank you for watching
Korea Now.
