The US justice department said on Wednesday, February 17 that three North Korean computer programmers have been charged in Los Angeles. The trio is accused of conspiring to steal and extort $1.3 billion in crypto and traditional currencies from banks and other victims through widespread cyberattacks.
According to the authorities, these cybercriminals were working for the North Korean military intelligence agency, the Reconnaissance General Bureau. As reported, they were pursuing the strategic and financial goals of the North Korean leader Kim Jong Un.
A federal grand jury charged that these three alleged hackers—Jon Chang Hyok, Kim Il and Park Jin Hyok—targeted banks, entertainment companies like Sony, online casinos and energy utilities. The threat actors not only targetted the US but also Bangladesh, Mexico, Indonesia, Britain, Pakistan, Vietnam and other countries.
The assistant attorney general John Demers said in a statement: "North Korea's operatives, using keyboards rather than guns, stealing digital wallets of cryptocurrency instead of sacks of cash, are the world's leading bank robbers."
While referring to Kim Jong Un, Demers said: "Simply put, the regime has become a criminal syndicate with a flag, which harnesses its state resources to steal hundreds of millions of dollars."
The Modus Operandi
According to the US justice department, the alleged hackers created malicious cryptocurrency applications, opening backdoors into the computers of the victims. These three individuals developed a blockchain platform to avoid sanctions and secretly raise funds.
The trio is also said to be behind the cybersecurity campaigns to penetrate computer systems of the US defense contractors, the Pentagon and the US State Department.
The case filed in the Los Angeles federal court builds on 2018 charges against one of those North Korean individuals, Park Jin Hyok. At that time this man was charged with the hack of Sony Pictures in 2014—during which embarrassing emails sent by Sony executives were made public.
As per the new charges, along with Park the other two threat actors also worked for the Reconnaissance General Bureau.
"What we see almost uniquely out of North Korea is it trying to raise funds through illegal cyber activity. Their need as a country is for currency because of their economic system and the sanctions placed on them. ... That's not something we see from actors in China or Russia or Iran," said Demers.
However, in addition to the earlier charges, the thee engaged in operations out of their native, as well as Russia and China to attempt to steal $1.3 billion. They also allegedly hacked into and robbed digital currency exchanges in Slovenia and Indonesia. As per the court documents, they also extorted a New York exchange of $11.8 million.
Since the trio lives in North Korea, they face little risk of arrest by the US authorities. But if apprehended and convicted, all of them could each face up to 35 years in prison.