U.S. sanctions North Korea hacking groups, says attacks funded missile program

The U.S. Office of Foreign Assets Control (OFAC) sanctioned North Korea Friday for ransomware attacks on the Swift interbank messaging system and other critical infrastructure targets that generated funding for the nation-state’s weapons and missile programs.

The Treasury Department targeted three state-sponsored hacking groups – the Lazarus Group, whose WannaCry attacks wreaked havoc around the world just two years ago and its two units, BlueNorOff (APT38), which has scooped up more than $1.1 billion from repeated attacks on SWIFT, and AndAriel, a stealth group that security firms first spotted attacking South Korea in 2015. The three have been added to Treasury’s Specially Designated Nationals (SDN) List. As a result, their assets will be blocked and U.S. persons and entities are forbidden from doing business with them.

“Treasury is taking action against North Korean hacking groups that have been perpetrating cyberattacks to support illicit weapon and missile programs,” Sigal Mandelker, Treasury undersecretary for terrorism and financial intelligence, said in a release, noting that the agency would “work with the international community to improve cybersecurity of financial networks.”

That North Korea is using gains from cyberattacks to fund its weapons programs comes as no surprise, given their scope and frequency. “Though operations may fund the hackers themselves, their sheer scale suggests that they are a financial lifeline for a regime that has long depended on illicit activities to fund itself,” said John Hultquist, director, intelligence analysis at FireEye, which has kept a close eye on the North Korean hacking groups the past four years.

How North Korea will respond to the U.S.’s heavier hand is unclear. “It is difficult to predict how any state will react to sanctions, especially North Korea,” said Hultquist. “In the past they have remained obstinate in the face of other sanctions and international condemnation of their cyber capability.”

The country, whose leader Kim Jong-un has developed a cordial relationship with President Trump, might take a lighter hand to the U.S. But, even so, “much of their criminal activity takes place beyond the U.S. in countries who may not have the same ability to change North Korea’s behavior,” Hultquist explained. “It’s also important to remember that this activity appears to be very lucrative, and the choice for the cash-strapped regime to give it up will be a hard one.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.