Lazarus, Bluenoroff and Andariel: these are the three hacker groups believed to be close to the North Korean government and accused by the US Treasury Department of being responsible for a number of attacks. Among them are the action that struck Sony in 2014 and those carried out from 2017 onward through the spread of WannaCry, one of the most virulent ransomware strains ever, which hit over 300,000 computers in more than 150 countries worldwide.
Actions coordinated by North Korea
According to the information available, the purpose of the operations is said to have been, from the beginning, to raise funds for the missile program set up by Pyongyang. The US authority calls for the freezing of funds linked to the three groups, and the same measure also applies to every foreign entity engaged in facilitating their business. Lazarus, Bluenoroff and Andariel are said to be controlled by the Reconnaissance General Bureau, the North Korean intelligence agency.
The activity of Bluenoroff has been documented since 2014. The name was given by Kaspersky and was inspired by one of the tools used. The group has hit financial institutions in India, Mexico, Pakistan, the Philippines, South Korea, Taiwan, Turkey, Chile and Vietnam. In 2016 it took 81 million dollars (18 million were recovered) in a single attack on the Bangladesh Central Bank, whose goal was to reach a total of 851 million dollars. Since 2015, Andariel has focused more on private entities, espionage against defense departments (in particular the South Korean one) and financial services.
Both are controlled by Lazarus, which is comparable to what, in the sphere of legal activities, would be called a sort of parent company.