Last updated on February 17, 2021 7:34 pm
by Jerry Dunleavy, Justice Department Reporter
The Justice Department charged a trio of North Korean military intelligence hackers with a broad array of yearslong global cybertheft schemes, some of which included the theft of more than $1.3 billion in money and cryptocurrency.
Jon Chang Hyok, Kim Il, and Park Jin Hyok were identified by the Justice Department as members of hacking units of North Korea’s Reconnaissance General Bureau known as “Lazarus Group” and “Advanced Persistent Threat 38.” The DOJ said they “were at times stationed by the North Korean government in other countries, including China and Russia.” The men are believed to be at large in North Korea.
“North Korea’s operatives, using keyboards rather than guns, stealing digital wallets of cryptocurrency instead of sacks of cash, have become the world’s leading bank robbers,” John Demers, the assistant attorney general of the DOJ’s National Security Division, said during a Wednesday press conference. “The department will continue to confront malicious nation-state cyber activity with our unique tools and work with our fellow agencies and the family of norms-abiding nations to do the same.”
The 33-page newly unsealed indictment detailed a host of cybercrimes carried out by the hackers, including the destructive cyberattack on Sony Pictures in November 2014 in retaliation for The Interview, which mocked North Korea’s leader, and the retaliatory December 2014 hacking of AMC Theaters, which was slated to show the film.
The Justice Department also charged the hackers with attempts from 2015 through 2019 to steal more than $1.2 billion from banks in Vietnam, Bangladesh, Taiwan, Mexico, Malta, and Africa; ATM “cash-out scheme” thefts, including millions from BankIslami; the creation and deployment of WannaCry 2.0 ransomware beginning in 2017; the development, beginning in 2018, of a range of malicious cryptocurrency applications that investigators alleged would provide the hackers with a back door into victim computers; and the theft of tens of millions of dollars from cryptocurrency companies.
The Justice Department pointed to spear-phishing campaigns that started in 2016 and targeted U.S. defense contractors, the State Department, the Pentagon, and companies in the aerospace, energy, and technology arenas. The DOJ also indicted the North Koreans for the Marine Chain Token scheme, which the DOJ said “would allow the DPRK to secretly obtain funds from investors, control interests in marine shipping vessels, and evade U.S. sanctions.”
Investigators also announced that Ghaleb Alaumary, a Canadian American citizen involved in helping the North Koreans launder millions of dollars through ATM schemes and bank heists, agreed to plead guilty.
“The indictment refines the attribution of this crime spree to the DPRK military intelligence services, specifically the Reconnaissance General Bureau. Simply put, the regime has become a criminal syndicate with a flag, which harnesses its state resources to steal hundreds of millions of dollars,” Demers said.