The U.S. Treasury Department said Friday that North Korean state-sponsored hacking groups attacked critical infrastructure, drawing illicit funds that ultimately funded the country's weapons and missile programs.
The groups launched ransomware campaigns among other types of attacks, according to Treasury's announcement. The direct link to North Korea's missile program creates further ethical hurdles for companies, insurers and municipalities that must decide whether or not to pay ransoms to criminal groups that have locked up their files.
Treasury says three hacking groups are "responsible for North Korea's malicious cyber activity on critical infrastructure." The groups were sanctioned by Treasury's Office of Foreign Assets Control.
One of the groups was responsible for the infamous WannaCry ransomware attacks of 2017, which cost companies and governments hundreds of millions of dollars.
"Treasury is taking action against North Korean hacking groups that have been perpetrating cyber attacks to support illicit weapon and missile programs," Sigal Mandelker, Treasury under secretary for terrorism and financial intelligence, said in the release.
"We will continue to enforce existing U.S. and UN sanctions against North Korea and work with the international community to improve cybersecurity of financial networks," Mandelker said.
The three hacking groups — known as "Lazarus Group," "Bluenoroff," and "Andariel" — are controlled by North Korea through their relationship to a United Nations-designated intelligence bureau, according to Treasury.
The Lazarus Group's WannaCry attacks two years ago caused widespread havoc globally, shutting down hospitals and ambulances run by Britain's National Health Service, halting car manufacturing by companies like Nissan and Renault and stopping shipments by FedEx, among numerous other companies.
Bluenoroff has stolen more than $1 billion from global financial institutions since 2014 through a variety of tactics, including attacks against the SWIFT messaging system. Andariel "was observed by cyber security firms attempting to steal bank card information by hacking into ATMs to withdraw cash or steal customer information to later sell on the black market," according to Treasury.
The move is another step in the federal government's initiatives to identify the financial trail of cybercrimes, particularly those perpetrated by hostile nations. The fact that these illicit funds were used for North Korea's weapons programs will put further ethical pressure on any organization dealing with breaches or ransomware. A recent ProPublica investigation called into question the ethics of paying ransom demands or even having insurance products that cover the costs of the ransom, when the funds may be going into the hands of criminals or, in these cases, North Korea's military.
The sanctions come days after President Donald Trump fired national security advisor John Bolton, who was known for taking a more hawkish stance against North Korea than the commander-in-chief. Trump has cultivated a cordial relationship with North Korea's dictator, Kim Jong Un, and in July became the first sitting U.S. president to set foot on North Korean soil.
Experts believed Bolton's firing could lead to further softening of relations between the U.S. and North Korea.
Since 2011, Kim has fired more than 90 missiles and conducted four nuclear weapons tests, which is more than his father, Kim Jong Il, and grandfather, Kim Il Sung, launched over a period of 27 years.
North Korea, the only nation to have tested nuclear weapons this century, spent most of Trump's first year in office perfecting its nuclear arsenal. While North Korea has paused nuclear tests that prompted Trump's threat to bring "fire and fury" upon that country, it had already made significant progress before the historic dialogue with the U.S. started. The nation has also launched tests of various projectiles in recent months.
Under the third-generation North Korean leader, the reclusive state has conducted its most powerful nuclear test, launched its first-ever intercontinental ballistic missile and threatened to send missiles into the waters near the U.S. territory of Guam.