Uncle Sam accuses three suspected North Korean govt hackers of stealing $1.3bn+ from banks, crypto orgs

Oh yes, and hacking Hollywood, allegedly


Three suspected North Korean military intelligence hackers have been charged with, among other things, conspiring to loot more than $1.3bn (£938m) from banks, ATMs, and cryptocurrency companies, according to an indictment unsealed by the US Department of Justice on Wednesday.

“North Korea’s operatives, using keyboards rather than masks and guns, are the world’s leading 21st century nation-state bank robbers,” Assistant Attorney General John Demers, of the Justice Department’s National Security Division, said in a statement.

Court documents, filed in the District Court in Los Angeles in December last year and now made public [PDF], claim Park Jin Hyok, 36, Jon Chang Hyok, 31, and Kim Il, 27, were hackers employed by the Reconnaissance General Bureau (RGB), a North Korean intelligence agency.

The three men have been charged with a long list of wrongdoing, including the hacking of Sony in 2014 over its film The Interview, which depicted a fictional assassination of the North Korean leader Kim Jong Un. More financially rewarding was their alleged hand in creating the WannaCry ransomware in 2017 that knackered the UK’s National Health System and hit businesses from the automotive to banking industries.

WannaCry ended up infecting 74 countries, causing havoc worldwide. British malware-prober Marcus Hutchins famously found and activated the domain-name-based killswitch for the software nasty, halting its spread.

The indictment also claimed the suspected Pyongyang cyber-spies pilfered and extorted as much as $1.2bn (£866m) from banks in Vietnam, Bangladesh, Taiwan, Mexico, Malta, and Africa between 2015 and 2019 by hacking into their computer networks.

The men also, it is claimed, siphoned $6.1m (£4.4m) from ATMs in Pakistan, targeted digital currency exchanges and trading platforms to pinch $111.7m (£80.6m), and even went as far as inventing their own blockchain and cryptocurrency to enrich the North Korean regime. A total of $1.9m (£1.4m) worth of various allegedly stolen cryptocurrencies were seized by the FBI and the US Attorney’s Office, and will be returned to two companies in New York.

On top of hacking for money, the North Koreans carried out multiple phishing attacks to steal sensitive data from US government contractors and agencies, such as the Department of State and the Department of Defense, it is claimed.

The trio have been charged with one count of conspiracy to commit computer fraud and abuse, and one count of conspiracy to commit wire fraud and bank fraud, which carry a maximum sentence of five years and 30 years in prison, respectively, if convicted. It's unlikely they will ever stand trial in the United States. Park was also identified as a member of the RGB and part of a team known as the Lazarus Group in a previous DoJ complaint.

“The scope of the criminal conduct by the North Korean hackers was extensive and long-running, and the range of crimes they have committed is staggering,” said Acting US Attorney Tracy Wilkison. “The conduct detailed in the indictment are the acts of a criminal nation-state that has stopped at nothing to extract revenge and obtain money to prop up its regime.” ®
