North Korean Hacker Trio Charged In $1.3B Cyberattack Racket
By Anand Vasu
Three North Korean computer programmers were charged with participating in a wide-ranging criminal conspiracy to conduct a series of destructive cyberattacks and to steal and extort more than $1.3 billion in money and cryptocurrency from financial institutions and companies.
Jon Chang Hyok, Kim Il and Park Jin Hyok were also charged with attempting to create and deploy multiple malicious cryptocurrency applications, and to develop and fraudulently market a blockchain platform, the U.S. Department of Justice said in a statement.
The trio are members of the Reconnaissance General Bureau (RGB), a military intelligence agency of the Democratic People’s Republic of Korea (DPRK), which engaged in criminal hacking.
Jon, Kim, and Park are charged with one count of conspiracy to commit computer fraud and abuse, which carries a maximum sentence of five years in prison; and one count of conspiracy to commit wire fraud and bank fraud, which carries a maximum sentence of 30 years in prison.
A second case unsealed on Feb. 17 revealed that Ghaleb Alaumary, a Canadian-American citizen, has pleaded guilty in a money laundering scheme and admitted to being a high-level money launderer for multiple criminal schemes, including ATM “cash-out” operations and a cyber-enabled bank heist orchestrated by North Korean hackers. Alaumary pleaded guilty to one count of conspiracy to commit money laundering, which carries a maximum sentence of 20 years in prison.
These North Korean military hacking units are known by multiple names in the cybersecurity community, including Lazarus Group and Advanced Persistent Threat 38 (APT38).
“As laid out in today’s indictment, North Korea’s operatives, using keyboards rather than guns, stealing digital wallets of cryptocurrency instead of sacks of cash, are the world’s leading bank robbers,” said Assistant Attorney General John C. Demers of the Justice Department’s National Security Division. “The Department will continue to confront malicious nation state cyber activity with our unique tools and work with our fellow agencies and the family of norms abiding nations to do the same.”
Throughout the investigation, the FBI and the Justice Department provided specific information to victims about how they had been targeted or compromised, as well as information about the tactics, techniques, and procedures (TTPs) used by the hackers with the goals of remediating any intrusion and preventing future intrusions.
That direct sharing of information took place in the United States and in foreign countries, often with the assistance of foreign law enforcement partners. The FBI also collaborated with certain private cybersecurity companies by sharing and analyzing information about the intrusion TTPs used by the members of the conspiracy.
“Today’s unsealed indictment expands upon the FBI’s 2018 charges for the unprecedented cyberattacks conducted by the North Korean regime,” said Paul Abbate, the FBI Deputy Director. “The ongoing targeting, compromise, and cyber-enabled theft by North Korea from global victims was met with the outstanding, persistent investigative efforts of the FBI in close collaboration with U.S. and foreign partners. By arresting facilitators, seizing funds, and charging those responsible for the hacking conspiracy, the FBI continues to impose consequences and hold North Korea accountable for its/their criminal cyber activity.”