Northwest Arkansas Democrat-Gazette
N. Korean hackers draw U.S. sanctions
The U.S. sanctioned three North Korean state-sponsored groups that it says were responsible for hacking the interbank messaging system Swift and a ransomware attack called WannaCry 2.0 that crippled Britain’s National Health Service and Renault factories across Europe.
The Treasury Department said Friday that the hacking groups are commonly known as Lazarus Group, Bluenoroff and Andariel. The groups are controlled by North Korea’s primary intelligence bureau, the department said in a statement.
The U.S. said the attacks have been used to fund illicit weapon and missile programs by North Korea, which is under broad American sanctions over the country’s nuclear program.
“We will continue to enforce existing U.S. and UN sanctions against North Korea and work with the international community to improve cybersecurity of financial networks,” Sigal Mandelker, the Treasury Department’s undersecretary for terrorism and financial intelligence, said in a statement.
Almost no progress has been made toward an agreement on North Korea’s nuclear program despite three meetings between President Donald Trump and Kim Jong Un. After their latest meeting, the U.S. said Kim had agreed to begin detailed negotiations by mid-July.
Those talks are not known to have happened.
The sanctions build on U.S. government efforts to call out foreign hackers, including charges and sanctions imposed on an alleged member of the Lazarus Group last year.
The Justice Department in 2018 filed criminal charges against a North Korean national who it alleged belonged to the Lazarus Group. The person, Park Jin Hyok, was charged with crimes stemming from the 2014 hack on Sony Pictures Entertainment and the 2017 WannaCry ransomware operation, which the Treasury Department on Friday called “the biggest known ransomware outbreak in history.” The department simultaneously imposed sanctions against Park and his employer.
In the WannaCry attack, the Lazarus Group was involved in infecting computers with malicious software that encrypted data and demanded ransom payments from users to be released. The attack shut down roughly 300,000 computers in at least 150 countries, with one of the victims — the United Kingdom’s National Health Service — losing $112 million, according to the Treasury Department.
The cyberattack on Sony Pictures was seen at the time as representing a new, aggressive type of hacking because Lazarus Group hackers crippled computers, deleted data and released embarrassing internal emails in retaliation for the company’s film The Interview, a comedy about a Central Intelligence Agency plot to kill Kim.
“Lazarus Group targets institutions such as government, military, financial, manufacturing, publishing, media, entertainment, and international shipping companies, as well as critical infrastructure, using tactics such as cyber-espionage, data theft, monetary heists, and destructive malware operations,” according to the Treasury Department’s Friday statement.