U.S. Justice Department indicts 3 North Korean hackers
The U.S. Justice Department on Wednesday unsealed charges against three North Korean hackers accused of conspiring to steal and extort more than $1.3 billion in cash and cryptocurrency from businesses, banks, and individuals around the world.
The indictment acts as the U.S. government's latest effort to demonstrate that North Korea is engaged in a concerted, decade-long criminal campaign to defraud and exploit institutions around the world in order to evade U.S. sanctions, raise currency for North Korea and take revenge against corporations that offended Pyongyang.
Originally filed in the Central District of California in December, the indictment names the defendants Park Jin-hyok, Jon Chang-hyok and Kim Il as hackers employed by the Reconnaissance General Bureau, North Korea's military intelligence agency. The agency houses hacking units known by various names, including Lazarus Group and Advanced Persistent Threat 38 (APT38). The three hackers traveled to and worked from other countries, including China and Russia, to carry out their crimes, according to the indictment.
These charges build on the Justice Department's previous charges against Park in 2018, in which he was accused of being a participant in the 2017 WannaCry worldwide ransomware attack and in the 2014 hacking of Sony Pictures, based in the Californian court district where the charges were filed.
The Justice Department views the motive for the Sony Pictures hacking as revenge for perceived reputational harm to North Korea caused by the entertainment company's production and distribution of the movie "The Interview" (2014), which depicted a fictional assassination of North Korean leader Kim Jong-un.
According to the latest indictment, the North Korean hackers conducted criminal cyber intrusions for state and personal financial gain by employing a variety of methods, including personalized spear-phishing communications which sent malware to targeted computers and embedding malware within legitimate websites frequented by victims, called "watering holes."
The Justice Department in its filing accuses the three hackers of conspiring to steal more than $1.3 billion from financial institutions and cryptocurrency companies.
The hackers are accused of deploying customized malware to infiltrate bank computer networks, which would cause fraudulent A.T.M. withdrawal requests to be approved and result in the requesting A.T.M.s dispensing cash to money-laundering co-conspirators. One such victim bank, BankIslami Pakistan, lost more than $6.1 million in 2018.
The hackers also accessed computers of banking networks in the Philippines, Bangladesh, Vietnam and other countries between 2015 and 2019 in order to authorize wire transfers from victim banks to accounts used and controlled by the hackers, including those in the United States, according to court papers.
Notable new schemes addressed in the charges involve cryptocurrencies.
The indictment charges the hackers with using spear-phishing communications on employees of cryptocurrency companies in Slovenia and Indonesia to gain access to the companies' computer networks. The hackers are accused of using this unauthorized access to transfer $75 million from the Slovenian company and $24.9 million from the Indonesian company in 2017 and 2018, respectively.
In another cryptocurrency-related charge, the hackers are accused of creating a fraudulent initial coin offering — essentially an initial public offering for a new digital currency — for a digital coin as early as 2009, called Marine Chain Token, which they claimed would allow investors to buy stakes in shipping vessels. According to court papers, the hackers used false personas to conceal their North Korean identities, never revealing to potential Marine Chain Token investors in Singapore that the money raised would be used to evade U.S. sanctions against Pyongyang.
"The scope of the criminal conduct by the North Korean hackers was extensive and long-running, and the range of crimes they have committed is staggering," said acting U.S. Attorney Tracy L. Wilkison for the central district of California. "The conduct detailed in the indictment are the acts of a criminal nation-state that has stopped at nothing to extract revenge and obtain money to prop up its regime."
BY MICHAEL LEE [firstname.lastname@example.org]