Three North Korean computer programmers have been indicted on charges of participating in a conspiracy to conduct cyberattacks to steal $1.3 billion from financial institutions and companies.
The federal indictment, unsealed today, expands a 2018 case that detailed an cyberattack on Sony Pictures and created ransomware.
“Today’s unsealed indictment expands upon the FBI’s 2018 charges for the unprecedented cyberattacks conducted by the North Korean regime,” said FBI Deputy Director Paul Abbate, in a news release. “The ongoing targeting, compromise, and cyber-enabled theft by North Korea from global victims was met with the outstanding, persistent investigative efforts of the FBI in close collaboration with U.S. and foreign partners. By arresting facilitators, seizing funds, and charging those responsible for the hacking conspiracy, the FBI continues to impose consequences and hold North Korea accountable for its/their criminal cyber activity.”
The hacking indictment filed in the U.S. District Court in Los Angeles alleges that Jon Chang Hyok, 31; Kim Il , 27; and Park Jin Hyok, 36, were members of units of the Reconnaissance General Bureau, a military intelligence agency of the Democratic People’s Republic of Korea, which engaged in criminal hacking. These North Korean military hacking units are known by multiple names in the cybersecurity community, including Lazarus Group and Advanced Persistent Threat 38 (APT38). Park was previously charged in a criminal complaint unsealed in September 2018.
The indictment alleges a broad array of criminal cyber activities undertaken by the conspiracy, in the United States and abroad, for revenge or financial gain.
These included cyberattacks on the entertainment industry, cyber-enabled heists from banks, cyber-enabled ATM cash-out thefts, ransomware and cyber-enabled extortion, creation and deployment of malicious cryptocurrency applications, targeting of cryptocurrency companies and theft of cryptocurrency, spear-phishing campaigns, Marine Chain Token and initial coin offering.
According to the Justice Department, the destructive cyberattack on Sony Pictures Entertainment in November 2014 was in retaliation for “The Interview,” a movie that depicted a fictional assassination of the DPRK’s leader; the December 2014 targeting of AMC Theatres, which was scheduled to show the film; and a 2015 intrusion into Mammoth Screen, which was producing a fictional series involving a British nuclear scientist taken prisoner in DPRK.