Three North Korean computer programmers have been charged in Los Angeles with committing a wide array of cyberattacks and attempting to steal more than $1 billion in a conspiracy that targeted banks, companies and cryptocurrency tradersaround the world, federal authorities announced Wednesday.
The alleged hackers were working for a North Korean military agency, the Reconnaissance General Bureau, and pursuing strategic and financial goals of the country’s leader, Kim Jong Un, authorities said.
In an indictment unsealed Wednesday, a federal grand jury in Los Angeles charged that Jon Chang Hyok, 31, Kim Il, 27, and Park Jin Hyok, 36, attacked banks, entertainment companies, online casinos, defense contractors, energy utilities and others in the U.S., Bangladesh, Mexico, Indonesia, Britain, Vietnam, Pakistan and other countries.
Victims included Sony Pictures Entertainment Inc. Embarrassing emails sent by Sony executives were made public in 2014 in retaliation for the studio’s release of “The Interview,” a comedy film that depicted the fictional assassination of Kim Jong Un. One of the accused hackers, Park, was charged in the Sony attack in 2018, and now the other two men are accused of having a hand in the incursion as well.
The indictment announced Wednesday alleges a broader scheme to carry out various cybercrimes, including the attempted theft of $1.2 billion from banks across the globe, wide distribution of malicious cryptocurrency apps and spear-phishing campaigns to penetrate computer systems of U.S. defense contractors, the Pentagon and the U.S. State Department.
“As laid out in today’s indictment, North Korea’s operatives, using keyboards rather than guns, stealing digital wallets of cryptocurrency instead of sacks of cash, have become the world’s leading bank robbers,” said Assistant Atty. Gen. John Demers of the Justice Department’s National Security Division.
“Simply put, the regime has become a criminal syndicate with a flag, which harnesses its state resources to steal hundreds of millions of dollars,” he added, referring to Jong Un’s repressive government.
While the hackers managed to penetrate computer networks around the globe, it was unclear on how successful the trio had been at obtaining money for the North Korean regime and themselves, Justice officials said.
But the indictment lists successful wire transfers of $110 million to bank accounts in South Korea; $104 million to accounts in Cambodia, Thailand and Taiwan; $81 million to accounts in the Philippines; and $60 million to accounts in the U.S., Sri Lanka and Cambodia — among others.
Prosecutors also announced that Ghaleb Alaumary, 37, of Ontario, Canada, had pleaded guilty to conspiracy, admitting that he laundered money for the alleged North Korean conspiracy, in part with accounts at banks in Woodland Hills and Inglewood.
“The scope of the criminal conduct by the North Korean hackers was extensive and long-running, and the range of crimes they have committed is staggering,” said Tracy L. Wilkison, the acting U.S. Attorney in Los Angeles. “The conduct detailed in the indictment are the acts of a criminal nation-state that has stopped at nothing to extract revenge and obtain money to prop up its regime.”
North Korea has emerged in the last decade as among the most sophisticated and threatening hacking forces in the world, according to cyber security experts and the U.S. government.
While Russian and Chinese hackers focus much of their illicit cyber activities on espionage or interfering in the U.S. political system, North Korea’s electronic army has been aggressive in the criminal realm. Under pressure from withering U.S. and international sanctions, North Korean hackers have turned to cyber crime — ransomware attacks, bank heists, digital currency hacks and even ATM withdrawal schemes — to generate cash for Kim Jong Un’s regime and its nuclear weapons program.
Last year, the U.S. government became so concerned about North Korea’s activity that it issued a dire advisory to cyber security professionals and the public about the hazards posed by the country’s hackers, saying their “malicious cyber activities threaten the United States and the broader international community and, in particular, pose a significant threat to the integrity and stability of the international financial system.”
“What we see almost uniquely out of North Korea is it trying to raise funds through illegal cyber activity,” Demers said. “Their need as a country is for currency because of their economic system and the sanctions placed on them…That’s not something we see from actors in China or Russia or in Iran.”
Hackers in those countries tend to be more focused on stealing intellectual property, gathering intelligence or disrupting U.S. elections, Demers said.
The indictment says the accused North Korean hackers spent time in Russia and China. Demers said he could not go into detail on why they went there, but suggested their travels highlighted the global nature of the cyber threat. “Russia and China are not only engaging in malign cyber activities but they are also providing a safe harbor for cyber criminals, or as in this case, nation state actors,” he said.
Source: LOS ANGELES TIMES