The US Treasury Department on Friday announced sanctions on three state-sponsored North Korean hacking groups for attacking US critical infrastructure. The same groups have also been stealing millions from the financial sector to fund the North Korean government, US officials claim.
The hackers’ identities are unknown, so the Treasury Department has resorted to placing their associated code names—Lazarus Group, Bluenoroff, and Andariel—on the US sanction list. The agency claims all three groups are tied to North Korean government’s Reconnaissance General Bureau, which is already on the US sanction list.
The order will force American companies, including banks, to cut off ties and freeze any assets the hacking groups have in the US, and report their activities to federal agencies. Companies and individuals found in violation can themselves face penalties from the Treasury Department.
The move may prompt US companies to examine their businesses for any potential ties to the North Korean hackers. However, all three groups named today use shadowy tactics to stay hidden. A year ago, the US charged one North Korean programmer, Park Jin Hyok, for his work as a member of Lazarus Group, which has been blamed for the 2014 Sony Pictures hack and the 2017 WannaCry ransomware outbreak. According to federal investigators, Hyok was employed by a front company called Chosun Expo, providing IT work.
In today’s announcement, the Treasury Department also blamed the North Korean hackers for committing cyberespionage, particularly against the South Korean government. To protect banks and companies, federal cyber agencies have been sharing samples of the malware the North Korean hackers have been using, so IT security teams know what to look out for.
Despite the sanction threat, the North Korean hackers will undoubtedly continue to keep up their attacks, said John Hultquist, a director at cybersecurity firm FireEye.
“Even if [the hackers] were to take a lighter hand to the US, much of their criminal activity takes place beyond the US in countries who may not have the same ability to change North Korea’s behavior,” he said in an email. “It’s also important to remember that this activity appears to be very lucrative, and the choice for the cash-strapped regime to give it up will be a hard one.”
Last month, the United Nations reportedly found that North Korean hackers may have stolen as much as $2 billion to help fund the country’s nuclear weapons program. The thefts have involved targeting cryptocurrency exchanges and stealing funds from financial institutions over the SWIFT messaging system and via ATM machines. The North Korean government later denied it had ever carried out the attacks mentioned in the UN estimate, calling the allegations “ill-hearted rumors.”