As reported by Reuters, the United States Treasury has announced sanctions on the hacking groups known as “Lazarus Group”, “BlueNorOff”, and “Andariel”. These groups have ties with North Korea’s RGB (intelligence agency), which has already been sanctioned by the U.S. and the United Nations. What this means is that no U.S.-related assets belonging to these groups will be accessible anymore, and no entities will be allowed to do dealings with them. In this context, any foreign financial institution that facilitated transactions or services for the three groups will also be sanctioned soon.
The U.S. Treasure believes that the three hacking groups are responsible for “WannaCry” ransomware attacks, bank hacking operations that resulted in substantial financial losses for the targeted institutes, and massive BEC operations. As Sigal Mandelker, the secretary for Terrorism and Financial Intelligence points out, the money that was made via these illicit activities was used to fund nuclear weapon and long-range missile programs. The bureau believes that North Korea had no other financial means to run these costly programs, and the amounts of money that were stolen through hacking operations were large enough to support them.
The list of the countries that suffered attacks from the Lazarus group is endless. In the start of the year, we covered a story about how Lazarus managed to infect an inter-banking network with the “PowerRatankba” malware, compromising 3688 Chilean ATMs. However, this was only a recent example of the Lazarus activity, as the group has been active since at least 2014 when they attacked Sony Picture Entertainment. Similarly, BlueNorOff has been targeting banks in many Asian and South American countries since last year. The U.S. Treasury is confident that it’s responsible for stealing at least $80 million from the Central Bank of Bangladesh.
Whereas the Lazarus Group contributed their network infiltration expertise, and BlueNorOff specialized in banking hacks and money-stealing transfers, Andariel maintained its focus on the development of malware tools. These original and highly specialized malware tools were used to hack into online poker and casino websites, either to gather intelligence or to steal money. This shows that the three hacking groups were complementing each other’s expertise, and worked as a collaborating entity that had common goals set by the RGB.
Have something to comment on the above? Feel free to do so in the comments down below, or on our socials, on Facebook and Twitter.