Perspective: Ransomware

North Korean Hacking Groups Hit with Treasury Sanctions

Published 16 September 2019

The Department of the Treasury hit three North Korean groups with new sanctions Sept. 13 for conducting cyberattacks against critical infrastructure, including the infamous WannaCry ransomware attacks.

Derek B. Johnson writes in Cyberscoop that Treasury’s Office of Foreign Assets Control announced that Lazarus Group, an advanced persistent threat believed to be working at the behest of the North Korean government, and two of its subgroups, dubbed Bluenoroff and Andariel, will have any U.S.-based or adjacent assets frozen. Any organizations or financial institutions that do business with them are also at risk of designation.

Lazarus Group was identified by U.S. officials in late 2017 as the group responsible for unleashing WannaCry, which wrought havoc in 2017 across hospital and health care organizations and other sectors in the United Kingdom, as well as other industrial sectors, and as the group behind the 2014 Sony hack.

According to research from numerous threat intelligence firms, Bluenoroff is known for targeting financial institutions around the globe, including a 2016 heist that leveraged vulnerabilities in the SWIFT financial system to steal nearly $1 billion in illegal wire transfers from the Bank of Bangladesh. Andariel has focused on businesses, governments and other institutions in South Korea and other places, stealing bank and ATM card information and pilfering military secrets. All three groups are accused of conducting malicious cyber operations designed to steal money in order to fund North Korea’s missile and weapons programs.