The Trump administration charges three hacking North Korean groups for carrying out attacks targeting critical infrastructure and stealing millions of dollars from banks, cryptocurrency exchanges, etc. to enable the country to finance its weapons and missile systems programs.
All three groups are controlled by North Korea's first intelligence bureau, the Reconnaissance General Bureau, or simply RGB, according to the US Treasury Department. were published the manufacture.
These groups are behind a number of cyber attacks aimed at spying on the country's adversaries as well as generating revenue for nuclear weapons and ballistic missile programs.
Sigal Mandelker Deputy Minister of Finance and Financial Information of the Ministry of Finance said:
The Ministry of Finance is taking action against 3 North Korean hacking groups that are carrying out cyber attacks for the acquisition of illegal weapons and missile programs.
We will continue to impose existing US and UN sanctions against North Korea and work with the international community to improve cyber security.
The best known of the three hacking groups is the Lazarus group. The name has been given to the group since 2007 and targets military, government and companies in the economy, constructions, publishing, media, entertainment and shipping.
The FBI linked the Lazarus team to the 2014 hack on Sony Pictures that destroyed data on thousands of company computers and published disturbing emails post officey to company executives to avenge the production of a film that depicted the assassination of the North Korean leader.
The work of the same team was also WannaCry which had spread to 150 countries and compromised approximately 300.000 computers. Many hospitals in the UK were hit particularly hard, resulting in cancellation of more than 19.000 appointments. The losses of the country's National Health Service reached 112 million dollars.
But the US is also accusing two subgroups of Lazarus.
The first hacking group of these subgroups is known as Bluenoroff. The group was created as a means to earn revenue following increased global sanctions against the North Korean government. This is the group behind a 2016 hit on a central bank in Bangladesh. The hackers they managed to steal a total of $851 million, and would have continued unmolested had not a typo prevented one of the illegal transactions from ringing the alarm. Despite the typo of the last transaction the attackers managed to walk away with $81 million.
Bluenoroff has also successfully hacked banks in India, Mexico, Pakistan, the Philippines, South Korea, Taiwan, Turkey, Chile and Vietnam.
Security companies such as Symantec and FireEye have documented the work of this subgroup of the Lazarus hacking group as they systematically exploited the weaknesses of the SWIFT payment network used by banks around the world. The name Bluenoroff was coined in 2017 by Kaspersky Lab researchers, who were the first to report that the group was an autonomous unit of the Lazarus hacking group. The group name was based on a tool it used called "nroff_b.exe".
The other subgroup of Lazarus hacking group is known as "Andariel". It focuses on hacks targeting foreign companies, financial services and government agencies. Security companies first spotted Adariel around 2015 when it hit targets in South Korea. Discovered by the South Korean Internet and Security Agency, or Kisa.
Trend Micro has publish the following image, which accurately shows the work of North Korean hacking groups:
Friday's announcement also said North Korea's three hacking groups may have stolen $ 571 million in cryptocurrencies from five stock exchanges in Asia from January 2017 to September 2018. News agencies such as Reuters reported that the United believe that the hacking of North Korean groups has brought in $ 2 billion in profits that have been used for weapons of mass destruction programs.
It is unclear how the sanctions announced will affect North Korea, as if the UN estimate of $ 2 billion is correct, it is hard to imagine that Friday's announcement would have any practical effect.
Unless it's another Trump administration propaganda game that has (?) Only bargaining power…
