The Trump administration accuses three North Korean hacking groups of carrying out attacks targeting critical infrastructure and stealing millions of dollars from banks, cryptocurrency exchanges and more, to enable the country to fund weapons and missile systems programs.
All three groups are controlled by North Korea's primary intelligence bureau, the Reconnaissance General Bureau, or simply RGB, according to the US Treasury Department.
These groups are behind a number of cyber attacks aimed at spying on the country's adversaries as well as generating revenue for nuclear weapons and ballistic missile programs.
Sigal Mandelker, Deputy Minister of Finance and Financial Information of the Ministry of Finance, said:
The Ministry of Finance is taking action against 3 North Korean hacking groups that are carrying out cyber attacks for the acquisition of illegal weapons and missile programs.
We will continue to impose existing US and UN sanctions against North Korea and work with the international community to improve cyber security.
The best known of the three hacking groups is the Lazarus group. The group has carried this name since 2007 and targets the military, governments and companies in the economy, construction, publishing, media, entertainment and shipping sectors.
The FBI linked the Lazarus team to the 2014 hack of Sony Pictures, which destroyed data on thousands of the company's computers and published embarrassing emails from company executives in retaliation for the production of a film depicting the assassination of the North Korean leader.
WannaCry was also the work of the same team. It spread to 150 countries and shut down about 300,000 computers. Many hospitals in the UK were hit hard, with more than 19,000 appointments canceled. The losses of the National Health Service reached 112 million dollars.
But the US is also accusing two subgroups of Lazarus.
The first of these subgroups is known as Bluenoroff. The group was created as a means to earn revenue after increased global sanctions against the North Korean government. This is the team behind the 2016 heist at Bangladesh's central bank. The hackers set out to steal a total of $851 million, and would have continued undisturbed if a typographical error had not blocked one of the illegal transactions and raised an alarm. Despite the typographical error in the last transaction, the attackers managed to leave with 81 million dollars.
Bluenoroff has also successfully hacked banks in India, Mexico, Pakistan, the Philippines, South Korea, Taiwan, Turkey, Chile and Vietnam.
Security companies such as Symantec and FireEye have documented the work of this subgroup of the Lazarus hacking group as it systematically exploited the weaknesses of the SWIFT payment network used by banks around the world. The name Bluenoroff was coined in 2017 by Kaspersky Lab researchers, who were the first to report that the group was an autonomous unit of the Lazarus hacking group. The group name was based on a tool it used called "nroff_b.exe".
The other subgroup of the Lazarus hacking group is known as "Andariel". It focuses on hacks targeting foreign companies, financial services and government agencies. Security companies first spotted Andariel around 2015, when it hit targets in South Korea. It was discovered by the South Korean Internet and Security Agency, or KISA.
Trend Micro has published the following image, which accurately shows the work of North Korean hacking groups:
Friday's announcement also said North Korea's three hacking groups may have stolen $571 million in cryptocurrencies from five exchanges in Asia from January 2017 to September 2018. News agencies such as Reuters reported that the United Nations believes that the hacking by North Korean groups has brought in $2 billion in profits that have been used for weapons of mass destruction programs.
It is unclear how the announced sanctions will affect North Korea: if the UN estimate of $2 billion is correct, it is hard to imagine that Friday's announcement will have any practical effect.
Unless it's another Trump administration propaganda game that has (?) only bargaining power…