The U.S. Department of the Treasury announced on 13th September 2019 that three North Korean entities have been identified and placed on the sanction lists – Andariel, Bluenoroff and the Lazarus Group. The three groups are allegedly blamed for stealing over $517 million worth of cryptocurrencies in 2017 and 2018.
The crypto theft was made from five Asian-registered exchanges.
The government structure stated that the stolen funds were used for the purchase of ballistic missiles and nuclear weapons. Sigal Mandelker, the Treasury Secretary for Terrorism and Financial Intelligence insisted on the government, in collaboration with the United Nations, to continue enforcing sanctions against North Korean cyber attackers.
The blacklisting means all illicitly obtained funds are withheld and should be reported to the Office of Foreign assets control (OFAC). OFAC will prohibit any transactions with stolen funds in the United States.
The Lazarus Group, with its subsidiary groups - Guardians of Peace and Apple Worm, were blamed for being involved in the WaanaCry 2.0 hacking attack. WannaCry 2.0 affected over 300,000 users worldwide located in around 150 countries.
Andariel, initially noticed by the internet security community for malware activities and ATM hacks, was believed to stay behind the 2016 hack against the defense minister of South Korea.
Bluenoroff is accused of stealing funds from banking and financial institutions, including a $80 million theft from the Central Bank of Bangladesh. The group is accused of stealing over $1.1 billion from banks in South Korea, Philippines, Mexico, Pakistan, Turkey and Vietnam, and is believed to have targeted cryptocurrency exchanges as well.
All three North Korean entities have been closely monitored by the Reconnaissance General Bureau (RGB).
Overall, North Korean hacking groups stole over $2 billion worth of both fiat and cryptocurrencies, according to a report from the U.N. The total number of attacks is believed to be 35, taking place across 17 different countries.