3 Alleged North Korean Hacker Groups Sanctioned By the U.S.

  • The Lazarus Group, Bluenoroff and Andariel have allegedly been responsible for hacking five exchanges in Asia between 2017 and 2018.
  • As a result of the sanctions, all assets owned by the hacking groups have been blocked, and must be reported to the Office of Foreign Assets Control (OFAC).
Kim Jong Un pictured at a recent meeting of the Central Committee of the Workers’ Party of Korea. Sky News

The United States Treasury Department has sanctioned three North Korea-sponsored hacker groups, which allegedly stole cryptocurrency, the agency announced in a press release.

According to the announcement, the Lazarus Group, Bluenoroff and Andariel are now on the Treasury Department’s sanctions list. The three cyber crime groups have allegedly been responsible for hacking five exchanges in Asia between 2017 and 2018, and stealing around $571 million in cryptocurrencies. The Treasury Under Secretary for Terrorism and Financial Intelligence, Sigal Mandelker, said:

“Treasury is taking action against North Korean hacking groups that have been perpetrating cyber attacks to support illicit weapon and missile programs. We will continue to enforce existing U.S. and UN sanctions against North Korea and work with the international community to improve cybersecurity of financial networks.”

The announcement further added that the Lazarus Group, also known as the Apple Worm and Guardians of Peace, was responsible for the WannaCry 2.0 ransomware attack of 2017. Bluenoroff, also known as APT38 and Stardust Chollima, has allegedly stolen $80 million from the Central Bank of Bangladesh, and has also targeted cryptocurrency exchanges in the past. Finally, Andariel was said to be the one behind the 2016 hack into the South Korean Defense Minister’s personal computer. The three groups are under the control of North Korea and its Reconnaissance General Bureau (RGB), the press release pointed out.

The Treasury Department believes that the stolen funds have been used for the development of nuclear weapons and ballistic missiles. As a result of the sanctions, all assets owned by the hacking groups have been blocked, and must be reported to the Office of Foreign Assets Control (OFAC). OFAC regulations further state that “U.S. persons” are prohibited from dealing with the sanctioned entities.

Earlier this month, North Korea denied the accusations that it has already obtained around $2 billion through major hacks of banks and cryptocurrency exchanges. The allegations came from a report, researched by independent experts, which was presented to the U.N. Security Council North Korea sanctions committee in July. The report claims that the DPRK has used “widespread and increasingly sophisticated” hacks to raise around $2 billion for its Weapons of Mass Destruction (WMD) program.
