U.S. charges North Koreans in huge hacking operation

Ruben Fields
February 18, 2021

Federal prosecutors charged three North Korean hackers with conspiring to steal more than $1.3 billion from banks and companies around the world, the Justice Department announced Wednesday.

US State Department spokesperson Ned Price told reporters on Wednesday that North Korea's cyber activities threaten the United States and other countries around the world, and pose a significant threat to financial institutions.

Although officials briefing reporters on Wednesday said they couldn't pinpoint how successful the hackers were in their attempts to steal almost $1.3 billion, the indictment does allege cryptocurrency thefts of at least $112 million. This included $75 million from a Slovenian crypto company in December 2017, $24.9 million from an Indonesian company in September 2018, and $11.8 million from a financial services company in New York in August 2020.

The prospect of any of the North Korean hackers facing justice in a US court is remote at best given their role in the regime. "The conduct detailed in the indictment are the acts of a criminal nation-state that has stopped at nothing to extract revenge and obtain money to prop up its regime".

The 33-page indictment unsealed Wednesday charges Park, Jon Chang Hyok and Kim Il with criminal conspiracy, conspiracy to commit wire fraud and bank fraud.

US prosecutors say the men were members of the Reconnaissance General Bureau (RGB), an intelligence division of the Democratic People's Republic of Korea (DPRK) that manages the state's clandestine operations.

The Justice Department claims the suspects are all members of Lazarus, the notorious hacking group behind the 2014 Sony Pictures breach and the WannaCry ransomware outbreak in 2017. All three suspects are believed to now reside in North Korea, a country that has no extradition treaty with the US.

The victims included Sony Pictures Entertainment Inc.

The indictment alleges that the hacking group's goal was to "further the strategic and financial interests of the DPRK government and its leader, Kim Jong Un" by causing damage, as well as stealing data and money from organizations all over the globe.

The Canadian American defendant, Ghaleb Alaumary, of Mississauga, Ontario, was a "prolific" money launderer for the three, who allegedly moved millions of dollars through fraudulent ATM transactions involving a network of associates in North America who withdrew cash from the machines.

The indictment charges the programmers as part of what it says is a wide-ranging conspiracy to steal money, deploy malicious cryptocurrency applications and market a blockchain platform.

A joint cyber advisory from the Federal Bureau of Investigation, the Treasury and DHS's Cybersecurity and Infrastructure Agency (CISA) delves deeper into these backdoored cryptocurrency apps, a family of malware activity referred to as "AppleJeus". "In addition to infecting victims through legitimate-looking websites, HIDDEN COBRA actors also use phishing, social networking, and social engineering techniques to lure users into downloading the malware". The schemes alleged include: ...

That blockchain-based cryptocurrency offering promised early investors the ability to purchase "fractional ownership in marine shipping vessels", which the government says was just another way for the North Korean government to "secretly obtain funds from investors, control interests in marine shipping vessels, and evade USA sanctions".
