US charges three North Koreans in $1.3 billion hacking spree

Joanna Estrada
February 18, 2021

The United States has charged three North Korean computer programmers with a massive hacking spree aimed at stealing more than $1.3 billion in money and cryptocurrency, affecting companies from banks to Hollywood movie studios, the Department of Justice said on Wednesday.

The defendants are state-sponsored North Korean hackers and members of units of the Reconnaissance General Bureau (RGB), a North Korean military intelligence agency that has engaged in criminal hacking operations. United States investigators now say they've identified two other North Koreans in the group: 31-year-old Jon Chang Hyok and 27-year-old Kim Il.

The group, which earned a place on the U.S. government's sanctions list in 2019, has been linked to a wide array of criminal cyber activities, both in the US and overseas, including the destructive WannaCry ransomware outbreak of 2017, the SWIFT attacks on banks and ATM networks to steal more than $1.2 billion, spear-phishing campaigns, and cryptocurrency thefts amounting to at least $112 million.

The indictments name Jon Chang Hyok (a.k.a. "Alex/Quan Jiang"), Kim Il (a.k.a. "Julien Kim"/"Tony Walker"), and Park Jin Hyok (a.k.a. Pak Jin Hek/Pak Kwang Jin).

Park was previously charged in 2018 in connection with the WannaCry and Sony Pictures attacks.

The defendants are also accused of trying to steal tens of millions of dollars from cryptocurrency companies.

Authorities believe the motive for the attack was retaliation for Sony's production of the 2014 film "The Interview," a comedy starring Seth Rogen and James Franco that ridiculed North Korean dictator Kim Jong Un and included the portrayal of an assassination plot against him.

The group is thought to be responsible for the attempted theft of approximately $1.2 billion, although it's unclear how much of that was actually stolen.

In a 2018 scheme, they stole $6.1 million from ATMs of Pakistan's BankIslami after gaining access to its computer network.

The Justice Department also alleged that the trio participated in the creation of the destructive WannaCry 2.0 ransomware - which hit Britain's National Health Service hard when it was set loose in 2017.

The three, who are not in custody, are also accused of deploying malicious cryptocurrency programs.

They also allegedly targeted cryptocurrency companies in Slovenia, Indonesia and elsewhere.

The indictment unsealed by the U.S. Justice Department states that cryptocurrency firms lost over $110 million to the cybercriminals, with an unnamed Slovenian cryptocurrency company parting with a cool $75 million. None of the three are in U.S. custody.

The indictment describes a vast and multilayered scheme that went well beyond the Sony attack, targeting global banks and cryptocurrency companies.

"The Department's criminal charges are uniquely credible forms of attribution - we can prove these allegations beyond a reasonable doubt using only unclassified, admissible evidence", Assistant Attorney General John C. Demers said. "And they are the only way in which the Department speaks".

"The scope of the criminal conduct by the North Korean hackers was extensive and long-running, and the range of crimes they have committed is staggering", said Acting U.S. Attorney Tracy L. Wilkison for the Central District of California. Also today, the U.S. released an advisory documenting the fake cryptocurrency apps the Lazarus group has been creating to hack unsuspecting users.
