The US government's move last Friday to slap sanctions on three North Korean cyber threat groups is being viewed by some security experts as a necessary but likely futile attempt to slow down state-sponsored hacking activity in that country.
The sanctions came amid reports of fresh threat activity targeted at US interests from North Korea. The US DHS and the FBI warned of new malware activity related to Hidden Cobra, a DDoS botnet previously linked to North Korea's intelligence apparatus. In another report, security vendor Prevailion said it had observed a recent expansion of a North Korean threat campaign dubbed 'Autumn Aperture' directed at US organizations in multiple industries.
The US Department of Treasury announced the sanctions against North Korea's Lazarus Group and two of its sub-groups Bluenoroff and Andarie. All three are accused of working for the Reconnaissance General Bureau (RGB) North Korea’s primary intelligence agency to support the country's missile and weapons programs.
Lazarus Group is best known for its involvement in the WannaCry 2.0 attacks of December 2017 and the crippling breach at Sony in 2014. Security researchers believe Bluernoroff was established to earn money for the cash-strapped sanctions-hit North government. The group has been linked to attacks on banks in Bangladesh, India, South Korea, Mexico and several other countries and is believed to stolen tens of millions of dollars in these cyber heists. Andarie's mission is thought to be similar, though this group's attacks have focused on bankcard theft and ATM hacking.
