The Trump administration announced sanctions against three North Korean hacking groups, dubbed “Lazarus Group,” “Bluenoroff,” and ”Andarie,” which they allege are controlled by the North Korean government and responsible for a litany of malicious cyber attacks in recent years.

According to the US Treasury’s Office of Foreign Assets Control, one of the groups, Bluenoroff, has successfully tapped cryptocurrency exchanges for more than $500 million in crypto over the last two years. 

But that’s actually far less than the $2 billion a United Nations report accused the Hermit Kingdom of filching. The North Koreans had dismissed that report as “ill-hearted rumors” in a statement last Sunday:

“Such a fabrication by the hostile forces is nothing but a sort of a nasty game aimed at tarnishing the image of our Republic and finding justification for sanctions and pressure campaign against the DPRK,” the North Korean statement said, presaging the sanctions this week.


The Treasury Department’s statement speculated that the alleged thefts “possibly assist in obfuscating revenue streams and cyber-enabled thefts that also potentially fund North Korea’s WMD and ballistic missile programs.”

Citing industry and press reporting, the government’s statement said the “state-sponsored hacking groups likely stole around $571 million in cryptocurrency alone, from five exchanges in Asia between January 2017 and September 2018.”

North Korea is no stranger to sanctions. Since 1950, the US has sanctioned various trade-related activities and travel to the country.

So the question is, why now?


On Tuesday, President Trump fired Secretary of State John Bolton and said that it was due in part to Bolton’s hardline stance against North Korea. So, optics, maybe? Just a wild guess.

Daily Debrief Newsletter

Start every day with the top news stories right now, plus original features, a podcast, videos and more.