Security

Feds offer $5m reward for info on North Korean cyber crooks

Meanwhile: Caltech grad earns five years in prison for helping Kim's coders


The US government offered a reward up to $5 million for information that helps disrupt North Korea's cryptocurrency theft, cyber-espionage, and other illicit state-backed activities.

The cash will be awarded "for information that leads to the disruption of financial mechanisms of persons engaged in certain activities that support North Korea, including money laundering, exportation of luxury goods to North Korea, specified cyber-activity and actions that support WMD proliferation," according to the Feds.

This includes "information on those who seek to undermine cybersecurity, including financial institutions and cryptocurrency exchanges around the world, for the benefit of the Government of North Korea."

The State Department announced the cash incentive, which is part of its Rewards for Justice program, on Friday. The bounty comes a day after the FBI blamed Lazarus Group, the cybercrime gang that does the dirty work for North Korea's Reconnaissance General Bureau, for the theft of $620 million from video game Axie Infinity's Ronin Network.

Caltech grad gets five years for Korean crypto

Earlier this week, a US court sentenced an American citizen to more than five years in prison, and fined him $100,000, for providing cryptocurrency and blockchain technical advice to North Korea in breach of sanctions. 

Virgil Griffith, who has a doctorate in computational and neural systems from Caltech, began instructing the N. Korean government on how to mine digicash and launder the money in August 2018. He proved so popular that in April 2019 Griffith went to North Korea and gave a presentation at the Pyongyang Blockchain and Cryptocurrency Conference titled "Blockchain and Peace."

On his return he admitted [PDF] encouraging other Americans to visit North Korea and help it expand its coin-mining operations. He worked to set up a cryptocurrency exchange between North and South Koreans. But he was interviewed by the FBI in May 2019 and arrested shortly afterwards.

Griffith pleaded guilty to conspiracy to violate the International Emergency Economic Powers Act and was sentenced to serve 63 months behind bars and fined $100,000 by a southern New York federal distract court. Upon release he will have an additional three years of probation.

"There is no question North Korea poses a national security threat to our nation," US Attorney Damian Williams said in a statement. "Mr Griffith admitted in court he took actions to evade sanctions, which are in place to prevent the DPRK from building a nuclear weapon."

Lazarus Group, along with Kim Jong-un's other cyber goons, are perhaps best known for the infamous WannaCry attacks and lots of cryptocurrency theft.

However, when they are not bilking people and organizations out of millions of dollars, they also enjoy cyber spying on high-impact targets. Fresh evidence was revealed this week linking a recent espionage campaign against South Korean targets to file hashes, file names, and tools previously used by Lazarus, according to Symantec. ®

Send us news
15 Comments

Uncle Sam probes cyberattack on Pennsylvania water system by suspected Iranian crew

CISA calls for stronger IT defenses as Texas district also hit by ransomware crew

US cybercops take on 'pig butchering' org, return $9M in scammed crypto

Crims drain wallets of marks after letting them in on 'awesome crypto scheme secret'

Leader of pro-Russia DDoS crew Killnet 'unmasked' by Russian state media

Also: NXP China attack, Australia can't deliver on ransom payment ban (yet), and Justin Sun's very bad month

MOVEit victim count latest: 2.6K+ orgs hit, 77M+ people's data stolen

Real-life impact of buggy software laid bare – plus: Avast tries to profit from being caught up in attacks

Mirai malware infects routers and cameras for new botnet

Akamai sounds the alarm – won't name the manufacturers yet

Scores of US credit unions offline after ransomware infects backend cloud outfit

Supply chain attacks: The gift that keeps on giving

Rogue ex-Motorola techie admits cyberattack on former employer, passport fraud

Pro tip: Don't use your new work email to phish your old firm

'Serial cybercriminal and scammer' jailed for 8 years, told to pay back $1.2M

Crook did everything from SIM swaps to fake verified badge scams

Clorox CISO flushes self after multimillion-dollar cyberattack

Plus: Ransomware crooks file SEC complaint against victim

Top Ukrainian cyber officials fired after allegedly pocketing kickbacks from govt IT deals

Duo probed over alleged $2M embezzlement plot

Industry piles in on North Korea for sustained rampage on software supply chains

Kim’s cyber cronies becoming more active, sophisticated in attempts to pwn global orgs

North Korea readies third attempt at 'spy satellite' launch

What a coincidence! The South is just about to lauch one, too. And it probably won't be junk like the hermit kingdom's recent efforts