Warrants have been issued for the arrest of the three programmers involved in the Sony, WannaCry, Bangladesh Bank and other attacks.
The US DOJ (Department of Justice) has charged three North Korean computer programmers with conspiring to steal and extort more than USD 1.3 billion from banks and other companies, among other charges.
“North Korea’s operatives, using keyboards rather than guns, stealing digital wallets of cryptocurrency instead of sacks of cash, are the world’s leading bank robbers,” Assistant Attorney General John Demers said in a statement.
In an indictment filed in December 2020 and unsealed on Wednesday (17 February), US officials said they believed the three defendants were members of the Reconnaissance General Bureau, a North Korean military intelligence agency.
Officials said hacking groups known as Lazarus Group and APT38 are part of the Reconnaissance General Bureau, which has historically stationed spies in China, Russia and other countries.
Warrants have been issued for the arrest of the three individuals – Park Jin Hyok, Jon Chang Hyok and Kim Il – all of whom are believed to be in North Korea. Park was previously charged in a separate case, but his existence has been denied by North Korea.
The defendants are charged with one count of conspiracy to commit computer fraud and abuse, which carries a maximum sentence of five years in prison, and one count of conspiracy to commit wire fraud and bank fraud, which carries a maximum sentence of 30 years in prison.
The case involves a series of cyber attacks that took place over 11 years, including the 2014 hack that targeted Sony Pictures Entertainment over its intention to release The Interview, a comedy about a plot to kill North Korean leader Kim Jong Un.
While the Sony attack appeared to be a bid to punish the company by leaking its confidential information, US officials say North Korea had broadened its reach to steal money and bitcoin through more targeted attacks.
The countries targeted included the US, UK, Bangladesh, Malta, Mexico, Indonesia, Pakistan, the Philippines, Poland, South Korea, Slovenia, Taiwan and Vietnam.
The defendants were also accused of taking part in the 2017 WannaCry ransomware assault, which infected 300,000 computers in 150 countries, including those belonging to Nissan, Renault and the UK’s National Health Service.
The trio is also said to have launched multiple spear-phishing attacks targeting energy, aerospace and technology companies, as well as the US State Department, the US Defence Department and US defence contractors.
The defendants are also said to be involved in the 2016 theft of USD 81 million from Bangladesh Bank and the theft of at least USD 112 million from various cryptocurrency exchanges and financial institutions.
Also on Wednesday, US prosecutors announced charges against a Canadian-American citizen, Ghaleb Alaumary, who has pleaded guilty to helping to launder money for multiple criminal schemes, including ATM cash-out operations and a cyber-enabled bank heist orchestrated by North Korean hackers.
The US expects to seize and ultimately return almost USD 2 million allegedly stolen by North Korea from a New York financial services firm.
The FBI (Federal Bureau of Investigation) and CISA (Cybersecurity and Infrastructure Security Agency) have meanwhile issued a joint cybersecurity advisory and analysis reports regarding North Korean cryptocurrency malware.
Additional reporting from the Financial Times, MSSP Alert