North Korean charged in WannaCry, Bangladesh central bank hacks
WASHINGTON (AFP) – The US charged a North Korean programmer Thursday with some of the most dramatic global hacking cases of recent years, alleging they were carried out on behalf of the regime in Pyongyang.
The sabotage included the WannaCry 2.0 virus, the 2014 Sony Pictures attack and the 2016
cyber-heist of Bangladesh's central bank.
The US Justice and Treasury Departments said Park Jin Hyok was part of a unit known as the "Lazarus Group" that masterminded the notorious hacks "on behalf of the government of North Korea or the Workers' Party of Korea."
The heavily detailed, 176 page indictment also tied the group to other spearphishing campaigns, malware attacks, and the attempted theft of documents and money from banks in Southeast Asia and Africa.
The attacks, the indictment said, were conducted from North Korea, China and other countries.
"This complaint exposes a vast and audacious scheme by the North Korean government to utilize computer intrusions as a means to support the varied goals of their regime," said Paul Delacourt, of the Federal Bureau of Investigation's Los Angeles office, which led the probe.
The Justice Department charged Park with one count of conspiracy to commit computer fraud, and another count of conspiracy to commit wire fraud.
The computer fraud charge carries a maximum of five years in prison, while the wire fraud would spell up to 20 years.
Military intelligence link The Treasury announced financial sanctions on Park and a governmentcontrolled company he worked at for more than a decade, Chosun Expo Joint Venture, also known as Korea Expo Joint Venture.
The company is tied to a North Korean military intelligence unit called Lab 110, the Justice Department said.
"North Korea has demonstrated a pattern of disruptive and harmful cyber activity that is inconsistent with the growing consensus on what constitutes responsible state behavior in cyberspace," the Treasury said in a statement.
"Our policy is to hold North Korea accountable and demonstrate to the regime that there is a cost to its provocative and irresponsible actions."
The cyber-theft of a huge number of files from Sony Pictures Entertainment in 2014 saw the company lose control of private communications between top executives, personal data of thousands of employees and customers, and scripts and information on upcoming films.
Leaked emails from the hack showed company chiefs giving unvarnished opinions on some of Hollywood's top stars and resulted in the departure of at least one official.
Bangladesh central bank The North Koreans undertook the Sony hack, US officials say, in retaliation for the Sony comedy film "The Interview," about a scheme to assassinate the North Korean leader.
The hack of the central bank of Bangladesh in February 2016 saw at least $81 million stolen and transferred between a number of accounts in the Philippines and elsewhere, rendering most of it unrecoverable.
WannaCry 2.0 was “ransomware”– a form of malicious software – which spread virulently around the world in May 2017, infecting some 300,000 computers in 150 countries.