The North Korean regime is financially isolated from the world and has a huge weapons program that it refuses to shut down. The US government has now identified three hacking groups that were involved in critical security attacks on crypto firms and banks. These groups looted millions of dollars to help fund the weapons program run by North Korean dictator Kim Jong Un.
Hackers were greenlighted by the state
In a Friday statement, Treasury under-secretary for terrorism and financial intelligence Sigal Mandelker noted,
“Treasury is taking action against North Korean hacking groups that have been perpetrating cyber-attacks to support illicit weapon and missile programs. We will continue to enforce existing US and UN sanctions against North Korea and work with the international community to improve the cybersecurity of financial networks.”
According to the Treasury, all three groups were operated by the Reconnaissance General Bureau, the country’s leading intelligence agency. The three groups were made to spy on the country’s adversaries and to launch attacks on different banks and cryptocurrency exchanges to raise funding for its weapons program.
Which groups were named?
The most well-known group in this list is Lazarus. The group first appeared in 2007 and has been active in targeting media houses, entertainment firms, publishing companies, manufacturing firms, financial firms, and even the shipping industry. It has launched attacks on different governments and militaries as well.
Lazarus is also linked with the hack of Sony Pictures in 2014, which eventually led to data destruction on the company's network. The group was also behind the WannaCry ransomware that hit over 300,000 computers across the globe in 2017. The ransomware forced UK hospitals to cancel over 19,000 appointments, as a result of which the NHS lost a whopping $112 million.
The other two groups that face sanctions are Bluenoroff and Andariel. However, they are known to be subgroups within Lazarus, not independent operators. Of these, Bluenoroff was linked with a 2016 attack on Bangladesh's central bank, in which the bank lost $81 million. It has also targeted banks in Vietnam, Taiwan, Chile, Pakistan, India, Mexico, South Korea, Turkey and the Philippines.
Andariel also targets government agencies, financial services, and international firms. It was first discovered targeting South Koreans in 2015. The team has been connected with an ATM network hack to steal bank card information. It also develops malware to be used on online gambling and poker sites. The three groups have reportedly stolen over $571 million from five Asian crypto exchanges between January 2017 and September 2018.