WASHINGTON — Three North Korean hacking groups suspected of perpetrating cyberattacks around the world were placed on a U.S. sanctions list on Friday, drawing attention to the isolated nation’s illegal efforts to fund its nuclear and ballistic missile programs.
The Treasury Department said the so-called Lazarus Group, Bluenoroff and Andariel are controlled by the North Korean government. It said Lazarus Group was behind the devastating WannaCry ransomware, which froze 300,000 computers across 150 countries in 2017, and the destructive cyberattack against Sony Pictures Entertainment in 2014.
Bluenoroff has successfully stolen money from Philippine banks.
The U.S. government’s action makes it easier to seize any assets the hacking groups may have within the jurisdiction of American financial institutions, though they are likely to be limited if they exist at all.
It may also have been intended to send a message and bring North Korea’s behavior into the light, said John Hultquist, director of intelligence analysis at cybersecurity firm FireEye.
“(T)hat’s important because this isn’t about two governments, this is about North Korea and the private financial sectors of countries all around the world,” Hultquist said. “It’s important to put a flag on it and get this information out there, even if it will come to no avail.”
U.N. experts have recently delved into North Korean use of cyberattacks to illegally raise money for weapons of mass destruction programs, investigating at least 35 instances in 17 countries. They have called for sanctions against ships providing gasoline and diesel to the country.
A summary of a U.N. experts report found that North Korea illegally acquired as much as $2 billion from its increasingly sophisticated cyber activities against financial institutions and cryptocurrency exchanges.
Lazarus Group, according to the U.S., has targeted government, military and financial institutions, manufacturing, international shipping, media and entertainment, as well as critical infrastructure, using cyber espionage, data theft, and other methods. Along with Bluenoroff, it stole roughly $80 million from the Central Bank of Bangladesh’s New York Federal Reserve account.
The U.S. believes Bluenoroff was created by North Korea to raise money in the face of increased global sanctions. The group has used phishing and backdoor intrusions to steal money from foreign financial institutions, targeting more than 16 organizations across 11 countries.
By 2018, the group is believed to have tried to steal more than $1.1 billion, and successfully stole from banks in Bangladesh, India, Mexico, Pakistan, Philippines, South Korea, Taiwan, Turkey, Chile, and Vietnam.
Rep. Jim Langevin, a Rhode Island Democrat who co-chairs the Congressional Cybersecurity Caucus, said the WannaCry ransomware attacks and hacking of the SWIFT interbank messaging systems were both major incidents targeting critical civilian infrastructure.
“Responsible nations do not engage in this kind of destabilizing behavior, and we must take action to hold irresponsible states accountable,” said Langevin, who sits on the House Armed Services and Homeland Security committees.
The third hacking group partly focused on hacking South Korea’s government and infrastructure, the U.S. said. It also developed malware to hack online poker and gambling sites and tried to steal bank card information by hacking ATMs.
All three groups likely stole around $571 million in cryptocurrency from five exchanges in Asia between January 2017 and September 2018, according to the Treasury Department.