On Friday, the United States Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced new sanctions against three North Korean cyber groups believed to be responsible for cyber-attacks on financial institutions, cryptocurrency exchanges, and other critical infrastructure.
In a press release announcing the news, Treasury identified the three state-sponsored hacking groups as Lazarus Group, Bluenoroff, and Andariel, and named them as “agencies, instrumentalities, or controlled entities of the Government of North Korea.” The U.S. claims that all three are controlled by North Korea’s main intelligence agency, the Reconnaissance General Bureau, or RGB.
Lazarus Group is the best-known North Korean cyber group and has been implicated in attacks on government, military, manufacturing, shipping, media, and other critical targets around the world. The group has reportedly used tactics ranging from cyber espionage and data theft to ransomware and other monetary heists. Lazarus was credited with the 2017 WannaCry 2.0 ransomware attacks that impacted more than 150 nations around the world.
According to Treasury, the Bluenoroff group is a subgroup of Lazarus specifically created by the North Korean government to engage in monetary heists that provide revenue to offset the effects of global economic sanctions. The group has been engaged in operations that targeted organizations in at least 11 countries, including the SWIFT system, banks and other financial institutions, and cryptocurrency exchanges.
Andariel has also been identified as a Lazarus subgroup, created to conduct malicious actions against foreign government agencies, businesses, defense industries, and financial services infrastructure. Like Bluenoroff, Andariel conducts revenue-generating operations, as well as attacks against South Korean infrastructure.
The press release described the effects of the new sanctions:
As a result of today’s action, all property and interests in property of these entities, and of any entities that are owned, directly or indirectly, 50 percent or more by the designated entities, that are in the United States or in the possession or control of U.S. persons are blocked and must be reported to OFAC. OFAC’s regulations generally prohibit all dealings by U.S. persons or within (or transiting) the United States that involve any property or interests in property of blocked or designated persons.
In addition, persons that engage in certain transactions with the entities designated today may themselves be exposed to designation. Furthermore, any foreign financial institution that knowingly facilitates a significant transaction or provides significant financial services for any of the entities designated today could be subject to U.S. correspondent account or payable-through sanctions.