The United States Treasury Department has sanctioned three North Korea-sponsored hacker groups, which allegedly stole cryptocurrency, the agency announced in a press release.

According to the announcement, the Lazarus Group, Bluenoroff and Andariel are now on the Treasury Department’s sanctions list. The three cyber crime groups have allegedly been responsible for hacking five exchanges in Asia between 2017 and 2018, and stealing around $571 million in cryptocurrencies. The Treasury Under Secretary for Terrorism and Financial Intelligence, Sigal Mandelker, said:

“Treasury is taking action against North Korean hacking groups that have been perpetrating cyber attacks to support illicit weapon and missile programs. We will continue to enforce existing U.S. and UN sanctions against North Korea and work with the international community to improve cybersecurity of financial networks.”


The announcement further added that the Lazarus Group, also known as the Apple Worm and Guardians of Peace, has been responsible for the WannaCry 2.0 ransomware attack of 2017. Bluenoroff, also known as APT38 and Stardust Chollima, has allegedly stolen $80 million from the Central Bank of Bangladesh, and has also targeted cryptocurrency exchanges in the past. Finally, Andariel was said to be the one behind the 2016 hack into the South Korean Defense Minister’s personal computer. The three groups are under the control of North Korea, and its Reconnaissance General Bureau (RGB), the press release pointed out.

The Treasury Department believes that the stolen funds have been used for the development of nuclear weapons and ballistic missiles. As a result of the sanctions, all assets owned by the hacking groups have been blocked, and must be reported to the Office of Foreign Assets Control (OFAC). OFAC regulations further state that “U.S. persons” are prohibited from dealing with the sanctioned entities.

Earlier this month, North Korea denied the accusations that it has already obtained around $2 billion through major hacks of banks and cryptocurrency exchanges. The allegations came from a report, researched by independent experts, which was presented to the U.N. Security Council North Korea sanctions committee in July. The report claims that the DPRK has used “widespread and increasingly sophisticated” hacks to raise around $2 billion for its Weapons of Mass Destruction (WMD) program.