Alleged North Korean hackers charged
WASHINGTON — The Justice Department on Wednesday unsealed charges against three North Korean hacker spies accused of conspiring to steal and extort more than $1.3 billion in cash and cryptocurrency from banks and businesses around the world.
The indictment builds upon 2018 charges brought against one of the alleged hackers in connection with the North Korean regime’s 2014 cyberattack on Sony Pictures Entertainment, marking the first time the United States charged a Pyongyang operative.
The move shows the degree to which North Korea relies on financial cybertheft to obtain hard currency in a country whose main exports are under United Nations and U.S. sanctions, and that is further isolated by a selfimposed coronavirus blockade.
Officials also announced that a Canadian American citizen has pleaded guilty to serving as a money launderer who assisted the alleged North Korean hackers.
“North Korea’s operatives, using keyboards rather than guns, stealing digital wallets of cryptocurrency instead of sacks of cash, are the world’s leading bank robbers,” said John Demers, assistant attorney general for national security.
According to the indictment filed in December, the defendants work for the Reconnaissance General Bureau, North Korea’s military intelligence agency. The agency houses the hacking units known by various names, including Lazarus Group and APT38.
One of the defendants, Park Jin Hyok, was also charged in a complaint about the Sony hack, unsealed in September 2018. The other two are John Chang Hyok and Kim Il.
The U.S. attorney’s office in Los Angeles and the FBI obtained warrants to seize about $1.9 million in cryptocurrency that allegedly was stolen by the hackers from a New York bank and that was held at two cryptocurrency exchanges. The money will be returned to the bank, officials said.
The conspiracy ranged widely, prosecutors allege, with the operatives hacking into banks and cryptocurrency exchanges, and creating a destructive ransomware virus, WannaCry, in May 2017. They are accused of developing malicious cryptocurrency applications from March 2018 through at least September 2020, which provided the hackers a back door into victims’ computers.
They also conducted “spearphishing” campaigns targeting U.S. defense contractors and energy, aerospace and technology companies, as well as the State Department and the Pentagon, to trick employees into giving up credential enabling the hackers’ entry into their computers.