OFAC sanctions 3 North Korean state-sponsored cyber groups

OFAC has listed 3 North Korean state-sponsored cyber groups, “Lazarus Group”, “Bluenoroff”, and “Andariel” as “agencies, instrumentalities, or controlled entities of the Government of North Korea” and for being controlled by US- and UN-designated Reconnaissance General Bureau (RGC), North Korea’s intelligence bureau, pursuant to Executive Order 13722.

Lazarus Group “was involved in the destructive WannaCry 2.0 ransomware attack” in 2017, “the biggest known ransomware outbreak in history”, which affected approximately 150 countries around the world, shut down 300k computers and severely impacted the UK’s National Health Service, leading to costs of over $112m.

Bluenoroff and Andariel are sub-groups of Lazarus Groups. Blueronoff “conducts malicious cyber activity in the form of cyber-enabled heists against foreign financial institutions on behalf of the North Korean regime to generate revenue”, and reportedly has attempted to steal over $1.1bn from financial institutions worldwide from 2014 – 2018. Andariel has allegedly carried out cyber-operations targeting foreign businesses, particularly cryptocurrency exchanges, and government agencies, such as South Korea’s Defence Ministry. OFAC Notice and Treasury Press Release.

North KoreaNorth Korea United StatesUnited States

About Michael O'Kane

Michael O'Kane

Michael was called to the Bar in 1992 and prior to joining Peters & Peters was a senior specialist prosecutor at the Crown Prosecution Service Headquarters (CPS). He was a key member of a small specialist unit responsible for the prosecution of serious and high-profile fraud, terrorist,...

See profile for Michael O'Kane >