Can threats to freeze assets be effective against groups backed by a foreign government?
This week the U.S. Department of the Treasury announced sanctions targeting North Korean state-sponsored hacking groups, including Lazarus, which paralyzed 300,000 computers in 150 countries with the 2017 WannaCry ransomware attack.
Treasury officials said the hackers in Lazarus and two affiliated groups support the North Korean military. “Treasury is taking action against North Korean hacking groups that have been perpetrating cyber attacks to support illicit weapon and missile programs,” said Sigal Mandelker, Treasury Under Secretary for Terrorism and Financial Intelligence.
Lazarus was “created by the North Korean Government as early as 2007” and its WannaCry attack was “the biggest known ransomware outbreak in history” in part because it closed hospitals in the United Kingdom, Treasury said in filing the sanctions.
Tech news outlet ZDNet called the sanctions “a long time in coming,” citing reports on North Korean hacking from The United Nations and the Department of Homeland Security.
But how effective will they be? Connecting attacks to specific perpetrators can be more difficult than announcing sanctions to loosely identified groups, experts say.
Guilt can be tough to prove
“North Korea is suspected to be behind a number of high profile cyber attacks,” said Avast Security Evangelist Luis Corrons. “Attribution is extremely difficult in cybercrime, and even if you can probe it to a certain point of confidence, false flags” and other deceptive tactics can obfuscate forensics.
The move authorizes the U.S. to freeze assets connected to the hackers, and “may prompt U.S. companies to examine their bu ..
Support the originator by clicking the read the rest link below.
