
U.S. charges N. Koreans in hacks

Operatives said to have stolen $1.3B from banks, businesses

Compiled by Democrat-Gazette Staff From Wire Reports | February 18, 2021 at 4:27 a.m.

WASHINGTON -- The Justice Department on Wednesday unsealed charges against three North Korean hacker spies accused of conspiring to steal and extort more than $1.3 billion in cash and cryptocurrency from banks and businesses around the world.

The indictment builds upon 2018 charges brought against one of the alleged hackers in connection with the North Korean regime's 2014 cyberattack on Sony Pictures Entertainment. Those earlier charges marked the first time the United States charged a Pyongyang operative.

The move shows the degree to which North Korea relies on financial cybertheft to obtain hard currency in a country whose main exports are under U.N. and U.S. sanctions, and that is further isolated by a self-imposed coronavirus blockade.

Officials also announced that a Canadian American citizen has pleaded guilty to serving as a money launderer who assisted the alleged North Korean hackers.

"North Korea's operatives, using keyboards rather than guns, stealing digital wallets of cryptocurrency instead of sacks of cash, are the world's leading bank robbers," said Assistant Attorney General for National Security John Demers.

"What we see emerging uniquely out of North Korea is trying to raise funds through illegal cyber activities," including the theft of traditional currency and cryptocurrency, as well as cyber extortion schemes, Demers said.

Because of their economic system and sanctions imposed on the country, he added, "They use their cyber capabilities to try to get currency wherever they can do that, and that's not something that we really see from actors in China or Russia or in Iran."

None of the three defendants is in American custody, and though officials don't expect them to travel to the U.S. anytime soon for prosecution, Justice Department officials in recent years have found value in indicting foreign government hackers -- even in absentia -- as a message that they are not anonymous and can be identified and implicated in crimes.

According to the indictment filed in December, the defendants work for the Reconnaissance General Bureau, North Korea's military intelligence agency. The agency houses the hacking units known by various names, including Lazarus Group and APT38.

One of the defendants, Park Jin Hyok, was also charged in a complaint about the Sony hack, unsealed in September 2018. The other two are Jon Chang Hyok and Kim Il.

The U.S. attorney's office in Los Angeles and the FBI obtained warrants to seize about $1.9 million in cryptocurrency that allegedly was stolen by the hackers from a New York bank and that was held at two cryptocurrency exchanges. The money will be returned to the bank, officials said.

"The scope of the criminal conduct by the North Korean hackers was extensive and long-running and the range of crimes they have committed is staggering," said Tracy Wilkison, acting U.S. attorney for the Central District of California. These "are the acts of a criminal nation state that has stopped at nothing to extract revenge and obtain money to prop up its regime."

The conspiracy ranged widely, prosecutors allege, with the operatives hacking into banks and cryptocurrency exchanges, and creating a destructive ransomware virus, WannaCry, in May 2017. They are accused of developing malicious cryptocurrency applications from March 2018 through at least September 2020, which provided the hackers a back door into victims' computers.

They targeted cryptocurrency exchanges, stealing $75 million from a Slovenian company in 2017 and $25 million from an Indonesian company in 2018, and took $11.8 million from a bank in New York in August, a theft in which the hackers used the CryptoNeuro Trader application as a back door, prosecutors said.

They also conducted "spear-phishing" campaigns targeting U.S. defense contractors and energy, aerospace and technology companies, as well as the State Department and the Pentagon, to trick employees into giving up credentials enabling the hackers' entry into their computers.

Information for this article was contributed by Ellen Nakashima of The Washington Post; and by Eric Tucker and Frank Bajak of The Associated Press.

