Feds offer $5m reward for info on North Korean cyber crooks

The US government offered a reward up to $5 million for information that helps disrupt North Korea's cryptocurrency theft, cyber-espionage, and other illicit state-backed activities.

The cash will be awarded "for information that leads to the disruption of financial mechanisms of persons engaged in certain activities that support North Korea, including money laundering, exportation of luxury goods to North Korea, specified cyber-activity and actions that support WMD proliferation," according to the Feds.

This includes "information on those who seek to undermine cybersecurity, including financial institutions and cryptocurrency exchanges around the world, for the benefit of the Government of North Korea."

The State Department announced the cash incentive, which is part of its Rewards for Justice program, on Friday. The bounty comes a day after the FBI blamed Lazarus Group, the cybercrime gang that does the dirty work for North Korea's Reconnaissance General Bureau, for the theft of $620 million from video game Axie Infinity's Ronin Network.

Caltech grad gets five years for Korean crypto

Earlier this week, a US court sentenced an American citizen to more than five years in prison, and fined him $100,000, for providing cryptocurrency and blockchain technical advice to North Korea in breach of sanctions. 

Virgil Griffith, who has a doctorate in computational and neural systems from Caltech, began instructing the N. Korean government on how to mine digicash and launder the money in August 2018. He proved so popular that in April 2019 Griffith went to North Korea and gave a presentation at the Pyongyang Blockchain and Cryptocurrency Conference titled "Blockchain and Peace."

On his return he admitted [PDF] encouraging other Americans to visit North Korea and help it expand its coin-mining operations. He worked to set up a cryptocurrency exchange between North and South Koreans. But he was interviewed by the FBI in May 2019 and arrested shortly afterwards.

Griffith pleaded guilty to conspiracy to violate the International Emergency Economic Powers Act and was sentenced to serve 63 months behind bars and fined $100,000 by a southern New York federal distract court. Upon release he will have an additional three years of probation.

"There is no question North Korea poses a national security threat to our nation," US Attorney Damian Williams said in a statement. "Mr Griffith admitted in court he took actions to evade sanctions, which are in place to prevent the DPRK from building a nuclear weapon."

• North Korea's Lazarus cyber-gang caught 'spying' on chemical sector companies
• North Korea pulled in $400m in cryptocurrency heists last year – report
• Uncle Sam accuses three suspected North Korean govt hackers of stealing $1.3bn+ from banks, crypto orgs
• FBI fingers the Norks it wants to pinch for Sony hack, WannaCry attacks

Lazarus Group, along with Kim Jong-un's other cyber goons, are perhaps best known for the infamous WannaCry attacks and lots of cryptocurrency theft.

However, when they are not bilking people and organizations out of millions of dollars, they also enjoy cyber spying on high-impact targets. Fresh evidence was revealed this week linking a recent espionage campaign against South Korean targets to file hashes, file names, and tools previously used by Lazarus, according to Symantec. ®