Security

Feds offer $5m reward for info on North Korean cyber crooks

Meanwhile: Caltech grad earns five years in prison for helping Kim's coders


The US government offered a reward up to $5 million for information that helps disrupt North Korea's cryptocurrency theft, cyber-espionage, and other illicit state-backed activities.

The cash will be awarded "for information that leads to the disruption of financial mechanisms of persons engaged in certain activities that support North Korea, including money laundering, exportation of luxury goods to North Korea, specified cyber-activity and actions that support WMD proliferation," according to the Feds.

This includes "information on those who seek to undermine cybersecurity, including financial institutions and cryptocurrency exchanges around the world, for the benefit of the Government of North Korea."

The State Department announced the cash incentive, which is part of its Rewards for Justice program, on Friday. The bounty comes a day after the FBI blamed Lazarus Group, the cybercrime gang that does the dirty work for North Korea's Reconnaissance General Bureau, for the theft of $620 million from video game Axie Infinity's Ronin Network.

Caltech grad gets five years for Korean crypto

Earlier this week, a US court sentenced an American citizen to more than five years in prison, and fined him $100,000, for providing cryptocurrency and blockchain technical advice to North Korea in breach of sanctions. 

Virgil Griffith, who has a doctorate in computational and neural systems from Caltech, began instructing the N. Korean government on how to mine digicash and launder the money in August 2018. He proved so popular that in April 2019 Griffith went to North Korea and gave a presentation at the Pyongyang Blockchain and Cryptocurrency Conference titled "Blockchain and Peace."

On his return he admitted [PDF] encouraging other Americans to visit North Korea and help it expand its coin-mining operations. He worked to set up a cryptocurrency exchange between North and South Koreans. But he was interviewed by the FBI in May 2019 and arrested shortly afterwards.

Griffith pleaded guilty to conspiracy to violate the International Emergency Economic Powers Act and was sentenced to serve 63 months behind bars and fined $100,000 by a southern New York federal distract court. Upon release he will have an additional three years of probation.

"There is no question North Korea poses a national security threat to our nation," US Attorney Damian Williams said in a statement. "Mr Griffith admitted in court he took actions to evade sanctions, which are in place to prevent the DPRK from building a nuclear weapon."

Lazarus Group, along with Kim Jong-un's other cyber goons, are perhaps best known for the infamous WannaCry attacks and lots of cryptocurrency theft.

However, when they are not bilking people and organizations out of millions of dollars, they also enjoy cyber spying on high-impact targets. Fresh evidence was revealed this week linking a recent espionage campaign against South Korean targets to file hashes, file names, and tools previously used by Lazarus, according to Symantec. ®

Send us news
15 Comments

US bans North Korean outsourcer and its feisty freelancers

They do your work – usually from Russia and China – then send their wages home to pay for missiles

Philly Inquirer says Cuba ransomware gang's data leak claims are fake news

Now that's a Rocky relationship

'Strictly limit' remote desktop – unless you like catching BianLian ransomware

Do it or don't. We're not cops. But the FBI are, and they have this to say

Dark Pink cyber-spies add info stealers to their arsenal, notch up more victims

Not to be confused with K-Pop sensation BLACKPINK, gang pops military, govt and education orgs

Pegasus-pusher NSO gets new owner keen on the commercial spyware biz

Investors roll the dice against government sanctions and lawsuits

Alien versus Predator? No, this Android spyware works together

Phone-hugging code can record calls, read messages, track geolocation, access camera, other snooping

Dish confirms 300,000 people's data was exposed in February's attack

But don't worry – we know it was deleted. Hmm. How would you know that?

Russian IT guy sent to labor camp for DDoSing Kremlin websites

Pro-Ukraine techie gets hard time

Intel says Friday's mystery 'security update' microcode isn't really a security update

We're all for encouraging people to squash bugs but this is an odd way to do it

BlackByte ransomware crew lists city of Augusta after cyber 'incident'

Mayor promises to comment on Friday

North Korean spy satellite launch ends in sea smash

Rather than herald exciting success of best-ever lift-off, state media confirms fiasco. Consider us surprised

Uncle Sam strangles criminals' cashflow by reining in money mules

Tech support scammer among those targeted by recent crackdowns