The Trump administration on Friday sanctioned three “malicious” cyber groups tied to North Korea, saying their illicit activities helped to fund the secretive regime’s missile programs.
Treasury officials said the Lazarus Group and two subgroups, Bluenoroff and Andariel, have targeted governments, media groups and shipping companies and are responsible for an array of crimes, from stealing data to launching malware and swiping money from bank accounts to fill Pyongyang’s coffers as international sanctions took hold.
U.S. officials traced the groups’ activities back to the RGB, which is Pyongyang’s main intelligence bureau.
“Treasury is taking action against North Korean hacking groups that have been perpetrating cyberattacks to support illicit weapon and missile programs,” said Sigal Mandelker, Treasury’s undersecretary for terrorism and financial intelligence. “We will continue to enforce existing U.S. and U.N. sanctions against North Korea and work with the international community to improve cybersecurity of financial networks.”
U.S. officials said the Lazarus Group was responsible for the well-known attack on Sony Pictures Entertainment in 2014.
Treasury officials also said Lazarus launched the WannaCry 2.0 attack in December 2017 that affected 150 countries and shut down 300,000 computers, including those operating the National Health Service in the U.K.
The attacks forced the cancelation of more than 19,000 appointments and cost the NHS over $112 million, “making it the biggest known ransomware outbreak in history,” Treasury said.
Treasury officials said subgroup Bluenoroff was formed to steal money from foreign banks as a way to raise money amid the squeeze of foreign sanctions on North Korea.
The secretive Asian nation was attempting, in part, to fund its growing weapons and ballistics programs, according to the department.
In one case, hackers stole about $80 million from the Central Bank of Bangladesh’s New York Federal Reserve account.
The third group, Andariel, is responsible for hacking ATMs, bank-customer records and online poker websites to steal cash.
• Tom Howell Jr. can be reached at thowell@washingtontimes.com.