3 hacker groups from North Korea get sanctioned by U.S. for cryptocurrency theft

As North Korea begins preparations for its second crypto-blockchain conference, news has surfaced that 3 North Korean entities have been sanctioned. One of the reasons behind this action by the U.S. is cryptocurrency theft by these entities.

In an announcement made on 13th September, the U.S. Department of the Treasury named three entities, Lazarus Group, Bluenoroff, and Andariel, which are believed to be responsible for stealing crypto valued at around $571 million from 5 exchanges in Asia in 2017-2018.

The Treasury Department believes that the funds stolen from the exchanges are used in the development of nuclear weapons and ballistic missiles. The assets owned by the three entities are now blocked, and they have to report to the Office of Foreign Assets Control (OFAC). The announcement also stated that all U.S. citizens and companies present in the U.S. are prohibited from dealing with any of the blocked entities in any way.

In addition, any other financial institution that decides to deal with the blocked entities will lose its banking relationships with U.S. financial institutions.

Lazarus is the parent group of the other two groups and is also known as Apple Worm and Guardians of Peace. It was also a part of the WannaCry 2.0 ransomware attacks of 2017.

Security companies noticed Bluenoroff in 2014. Also known as APT38 or Stardust Chollima, it stole funds from financial institutions, including $80 million from the Central Bank of Bangladesh.

Andariel was found in 2015 by the internet security community. It was responsible for a 2016 hack into the personal computer of the Defense Minister of South Korea. North Korea controls the groups, and they are related to the Reconnaissance General Bureau (RGB).

A report by the U.N. stated that North Korea holds cryptocurrency worth around $2 billion, as well as fiat currencies from around 17 countries. South Korea's UPbit exchange was also a part of one of the thefts, as North Korea used phishing attacks to take control of customers' computers.