Three North Korean hackers were indicted in the U.S. last week for carrying out a wide range of cyber crimes and stealing more than $1.3 billion in real money and cryptocurrency from financial institutions and other organizations.
The indictment was filed in the U.S. District Court in Los Angeles against three North Korean computer programmers, who are alleged members of the Reconnaissance General Bureau (RGB), a military intelligence agency of North Korea.
The alleged criminals, namely 31-year-old Jon Chang Hyok, 27-year-old Kim Il, and 36-year-old Park Jin Hyok, were part of North Korean military hacking units and went by multiple names in the cybersecurity community, including Advanced Persistent Threat 38 (APT38) and the notorious Lazarus Group.
“As laid out in today’s indictment, North Korea’s operatives, using keyboards rather than guns, stealing digital wallets of cryptocurrency instead of sacks of cash, are the world’s leading bank robbers. The Department will continue to confront malicious nation-state cyber activity with our unique tools and work with our fellow agencies and the family of norms abiding nations to do the same,” said Assistant Attorney General John C. Demers of the Justice Department’s National Security Division.
The indictment covered a wide range of criminal activities conducted by the three men globally. The main motive behind these cyber attacks was either financial gain or revenge. For example, Sony Pictures Entertainment suffered a massive cyber attack in November 2014 as revenge for the movie ‘The Interview’, which depicted a fictional assassination of North Korea’s leader. AMC Theatres, which was scheduled to show the film, suffered a similar attack the following month.
Another similar retaliation was seen in 2015, when the attackers targeted British film production company Mammoth Screen for producing a fictional series involving a British nuclear scientist taken prisoner in North Korea. The drama series, titled Opposite Number, was soon shelved because the producers were unable to secure enough funding.
According to the indictment, the three Lazarus Group hackers also stole more than $1.2 billion from banks in Vietnam, Bangladesh, Taiwan, Mexico, Malta, and Africa by hacking into their computer networks and sending fraudulent SWIFT messages. The hackers also stole $6.1 million from BankIslami Pakistan Limited.
Aside from committing these crimes, the hackers also developed several malicious cryptocurrency applications that gave them a backdoor into victims’ computers. Hundreds of cryptocurrency companies were targeted by these criminals to steal millions of dollars, including $75 million from a Slovenian cryptocurrency company, $24.9 million from an Indonesian cryptocurrency company, and $11.8 million from a financial services company in New York, where the malicious CryptoNeuro Trader application served as the backdoor.
These hackers also ran many spear-phishing campaigns targeting employees of U.S.-cleared defense contractors, energy companies, aerospace companies, technology companies, the U.S. Department of State, and the U.S. Department of Defense. Furthermore, they developed the Marine Chain Token, which enabled North Korea to secretly obtain funds from investors, control interests in marine shipping vessels, and evade U.S. sanctions.
Founded in 2009, Lazarus Group has been one of the most notorious hacker groups and has been behind a large number of cyber attacks on media, finance and aerospace companies as well as on governments across the world. It is best known for conducting the global WannaCry attack, which spread ransomware to hundreds of thousands of computers around the world. The indictment alleges that these hackers engaged in a single conspiracy to cause damage, steal data and money, and otherwise further the strategic and financial interests of the DPRK government and its leader, Kim Jong Un.
FBI Deputy Director Paul Abbate said, “Today’s unsealed indictment expands upon the FBI’s 2018 charges for the unprecedented cyberattacks conducted by the North Korean regime. The ongoing targeting, compromise, and cyber-enabled theft by North Korea from global victims was met with the outstanding, persistent investigative efforts of the FBI in close collaboration with U.S. and foreign partners.
“By arresting facilitators, seizing funds, and charging those responsible for the hacking conspiracy, the FBI continues to impose consequences and hold North Korea accountable for its criminal cyber activity,” he added.