The U.S. Treasury Department said that the three hacking organizations in North Korea seized a total of $570 million worth of cryptocurrency from five cryptocurrency exchanges in Asian countries between 2017 and 2018.
In its “2020 National Strategy Report on Terrorism and Other Illegal Financing,” the Treasury Department pointed out that three North Korean hacking groups, Lazarus, Blunorov and Andorriel, engaged in cyber intelligence, information theft, cash extortion and dissemination of destructive malicious codes under the control of the North’s Reconnaissance General Bureau. As part of that, it said it took $57 million in cryptocurrency from five cryptocurrency exchanges in the Asian country between January 2017 and September 2018.
The three hacking groups were previously included by the U.S. Treasury under sanctions against North Korea. These organizations are tasked with hacking and other activities to help the North Korean authorities avoid sanctions against the North under the control of the Reconnaissance General Bureau. Lazarus was involved in the hacking of Sony Pictures in 2014, the hacking of Bangladesh’s central bank in 2016 and the hacking of Singapore’s Virtual Money Exchange in March last year, and has Blunorov and Andariel as its subgroup.
According to the finance ministry, the organizations led the Warner Krei Lansomware attack in 2017 that damaged 150 countries, including the United States, Australia and Britain, causing damage to each country’s social infrastructure and demanding cryptocurrency like Bitcoin in return for recovery.
The Treasury Department said it will further expand the use of artificial intelligence and data analysis to detect such illegal activities by North Korea, adding that it will expand the scope of its application to regulate North Korea’s trade-based money laundering, such as smuggling of large amounts of illegal funds and detecting trade trends, and to enable efficient law enforcement.
In the report, the Treasury Department identified North Korea as a “bad actor” and pointed out that it continues to engage in illegal financial transactions and sanctions avoidance by exploiting some financial institutions that do not properly implement sanctions against the North.
As an example, Wise Ernest, who was detained in the U.S. in April 2018 on charges of money laundering, pointed out that two banks in New York have created a dollar remittance partnership account that is needed for operation and maintenance. He also said that he avoided sanctions against North Korea in March 2018 when he transferred $750,000 through a proxy account at the Bank of New York in connection with the coal smuggling.
The Treasury Department said it will step up complementary and monitoring of related sectors as “agent accounts” are likely to facilitate the flow of illegal funds, adding that continued efforts will be made to address weaknesses in the implementation of sanctions by foreign governments and the private sector.