US Sanctions 3 North Korean Hacking Groups Accused for Global Cyber Attacks #Cybersecurity - The Entrepreneurial Way with A.I.

Saturday, September 14, 2019

#HackerNews

The United States Treasury Department on Friday announced sanctions against three state-sponsored North Korean hacking groups for conducting several destructive cyberattacks on US critical infrastructure.

Besides this, the hacking groups have also been accused of stealing possibly hundreds of millions of dollars from financial institutions around the world to ultimately fund the North Korean government's illicit weapons and missile programs.

The three North Korean hacking groups in question are the well-known Lazarus Group, and its two sub-groups, Bluenoroff and Andariel.

The sanctions announced by the Treasury Department's Office of Foreign Assets Control (OFAC) claim that all three groups are "agencies, instrumentalities, or controlled entities of the Government of North Korea" based on their relationship with Pyongyang's central intelligence bureau, called the Reconnaissance General Bureau (RGB).

Specifically, the sanctions aim to lock any foreign financial institution that knowingly facilitated significant transactions or services for these hacking groups and freeze any asset associated with these three groups.

"We will continue to enforce existing US and UN sanctions against North Korea and work with the international community to improve the cybersecurity of financial networks," Sigal Mandelker, Treasury Under Secretary for Terrorism and Financial Intelligence, said in a statement.

Lazarus Group, aka Hidden Cobra

The best known of the three is Lazarus Group, also known as Hidden Cobra and Guardians of Peace, which has allegedly been associated with several high-profile cyberattacks, including the Sony Pictures hack in 2014 and the WannaCry ransomware menace in 2017.

According to the Treasury's OFAC, the destructive WannaCry ransomware attack hit several organizations in at least 150 countries, including the United States, Australia, Canada, New Zealand, and the United Kingdom, and shut down about 300,000 computers.

However, the fatal WannaCry hit was against the UK's National Health Service (NHS), with hospitals that provide intensive care units and other emergency services virtually shut down and over 19,000 appointments canceled, which cost the NHS more than $112 million.

The US Department of Justice last year also announced criminal charges against a North Korean computer programmer, named Park Jin Hyok, in connection with the WannaCry ransomware attacks and Sony Pictures hack.

Bluenoroff—Lazarus Group's First Sub-Group

According to the Treasury Department, the Lazarus group formed its first sub-group, called Bluenoroff, specifically to obtain revenue for the North Korean government by targeting financial institutions around the world.

Since at least 2014, Bluenoroff had targeted the Society for Worldwide Interbank Financial Telecommunication (SWIFT) transfer system, financial institutions, and cryptocurrency exchanges, using a variety of tactics like phishing and backdoor intrusions.

The group had successfully carried out such operations against over 16 organizations across 11 countries, including Bangladesh, India, Mexico, Pakistan, Philippines, South Korea, Taiwan, Turkey, Chile, and Vietnam.

Bluenoroff's most notorious cyber attack involving SWIFT was against the Central Bank of Bangladesh's New York Federal Reserve in 2016, when the group worked with Lazarus Group to steal $81 million from the Reserve account, while it attempted to steal $851 million.

Andariel—Lazarus Group's Second Sub-Group

The second Lazarus Group sub-group, Andariel, specializes in conducting malicious cyber operations against foreign businesses, government agencies, financial services, private corporations, and the defense industry.

Andariel was "observed by cybersecurity firms attempting to steal bank card information by hacking into ATMs to withdraw cash or steal customer information to later sell on the black market," the Treasury said.

The Treasury also said Andariel hackers created unique malware to hack online poker and gambling sites to steal cash.

However, besides its criminal activities, Andariel continues to conduct cyber attacks against South Korean government personnel and the South Korean military in an effort to gather intelligence and create disorder.

"One case spotted in September 2016 was a cyber intrusion into the personal computer of the South Korean Defense Minister in the office at that time and the Defense Ministry's intranet in order to extract military operations intelligence," the US Treasury said.

In addition, these three state-sponsored hacking groups likely managed to steal around $571 million in cryptocurrency alone, from at least five cryptocurrency exchanges in Asia between January 2017 and September 2018.

The sanctioning of the three groups is the latest effort of the US government to hold North Korean hackers accountable for cyber attacks and to protect US financial systems and critical infrastructure against cyber threats.






noreply@blogger.com (Swati Khandelwal), Khareem Sudlow