Three North Korean military hackers have been charged with participating in a criminal conspiracy to conduct a series of cyberattacks and steal and extort more than $1.3 billion in money and cryptocurrency from financial institutions and companies.
According to a federal indictment unsealed in the US District Court for the Central District of California, Jon Chang Hyok, Kim Il, and Park Jin Hyok were allegedly members of a North Korean military intelligence agency known as the Reconnaissance General Bureau, which engages in criminal hacking. The three allegedly were attempting to create and deploy multiple malicious cryptocurrency applications, and to develop and fraudulently market a blockchain platform.
The indictment alleges a wide range of cybercrimes committed by the conspiracy, including the 2014 cyberattack on Sony Pictures; attempts to steal more than $1.2 billion from banks in Vietnam, Bangladesh, Taiwan, Mexico, Malta, and Africa; the creation of the WannaCry 2.0 ransomware in 2017; and the extortion and attempted extortion of companies involving the theft of sensitive data and deployment of other ransomware.
The alleged criminal activity also includes developing multiple malicious cryptocurrency applications to create a backdoor into victims’ computers; the theft of tens of millions of dollars’ worth of cryptocurrency; and multiple spear-phishing campaigns that targeted employees of the US State Department and the Department of Defense, as well as those who worked at US defense contractors, energy companies, aerospace companies, and tech companies.
“The scope of the criminal conduct by the North Korean hackers was extensive and long-running, and the range of crimes they have committed is staggering,” Tracy Wilkison, acting US attorney for the Central District of California, said in a statement. “The conduct detailed in the indictment are the acts of a criminal nation-state that has stopped at nothing to extract revenge and obtain money to prop up its regime.”
The US Attorney’s Office and FBI also obtained warrants to seize cryptocurrency that the North Korean hackers stole from an unnamed New York-based financial services firm and that was being held at two cryptocurrency exchanges. The seizures of multiple cryptocurrencies totaled approximately $1.9 million, which will be returned to the firm.
Jon, Kim, and Park have been charged with one count of conspiracy to commit computer fraud and abuse, which carries a maximum sentence of five years in prison, and one count of conspiracy to commit wire fraud and bank fraud, which carries a maximum sentence of 30 years in prison.
Federal prosecutors also unsealed a charge against Ghaleb Alaumary of Ontario, Canada, for laundering money for the North Korean conspiracy, among other criminal activities. Alaumary agreed to plead guilty to one count of conspiracy to commit money laundering, which carries a maximum sentence of 20 years in prison.