North Korean intelligence agents are charged with $ 1.3 billion in cyber-attacks, extortion, malware and phishing.
The US Department of Justice has accused three computer programmers working for the North Korean military of using cross-border cyberattacks to raise money for North Korea and its leader Kim Jong Un.
A lawsuit in federal court in Los Angeles, California states that Jon Chang-hyok, 31, Kim Il, 27, and Park Jin-hyok, 36, are members of the North Korean military intelligence service, the Reconnaissance General Bureau.
The three hackers were responsible for a wide variety of cyberattacks that began in 2014 with the Sony Pictures Entertainment hack and bank theft in Asia and Africa.
The hackers extorted or stole more than $ 1.3 billion in cash and cryptocurrency, the US Department of Justice said in a press release announcing the charges.
“The level of criminal behavior by North Korean hackers has been extensive and protracted, and the range of crimes they have committed is staggering,” said acting US attorney Tracy Wilkison.
“The behavior described in the indictment is the act of a criminal nation-state that has stopped at nothing to seek revenge and receive money to shore up its regime,” said Wilkison.
The North Korean military hacking units are known in cybersecurity circles as the Lazarus Group and Advanced Persistent Threat 38 (APT38), the Justice Department said.
US prosecutors allege Jon Chang-hyok is one of three members of a North Korean military intelligence agency tasked with carrying out a wide range of global hacks against banks and a film studio [US Department of Justice via AP]The hackers targeted Sony Pictures in retaliation for the comedic film The Interview, which, according to the DOJ, portrayed the assignment of the North Korean leader.
Using fake interbank messages, the hackers attempted to steal from financial institutions in Bangladesh, Vietnam, Taiwan, Mexico, Malta and several African countries.
Other alleged plans included a US $ 6.1 million ATM robbery by Bank Islami in Pakistan, the development of the destructive WannaCry 2.0 ransomware to blackmail businesses and the UK’s National Health Service.
The North Korean hackers allegedly stole $ 75 million from a Slovenian cryptocurrency company, $ 25 million from an Indonesian cryptocurrency company, and nearly $ 12 million from a New York company that used a malicious cryptocurrency backdoor.
At times, the three North Korean hackers worked in locations in other countries, including Russia and China, US officials said.
Several spear phishing campaigns were targeted against employees of US defense companies, energy, aerospace and technology companies, as well as the US Department of State and the US Department of Defense.
Park Jin-hook was previously charged by US authorities with hacking and stealing Sony Pictures in a cyber attack on the Central Bank of Bangladesh.
In addition to the criminal charges, which cannot lead to a ruling in any US court since the three people are in North Korea, the FBI and the US Department of Homeland Security have issued a public recommendation on North Korean cryptocurrency malware.