Three North Korean computer programmers have been charged in Los Angeles with conspiring to steal and extort more than $1 billion in a sweeping array of cyberattacks against banks, other companies and cryptocurrency traders around the world, federal authorities announced Wednesday.
The hackers were working for a North Korean military agency, the Reconnaissance General Bureau, and pursuing strategic and financial goals of the country’s leader, Kim Jong Un, authorities said.
In an indictment unsealed Wednesday, a federal grand jury in Los Angeles charged that Jon Chang Hyok, Kim Il, and Park Jin Hyok attacked banks, entertainment companies, online casinos, defense contractors, energy utilities and others in the U.S., Bangladesh, Mexico, Indonesia, Britain, Vietnam, Pakistan and other countries.
The victims included Sony Pictures Entertainment Inc. Embarrassing emails sent by Sony executives were made public in 2014, allegedly in retaliation for the studio’s release of “The Interview,” a comedy film that depicted the fictional assassination of Kim Jong Un. One of the accused hackers, Park, was charged in the Sony attack in 2018, and now the other two men are accused of having a hand in the incursion as well.
Beyond the Sony attack, the indictment announced Wednesday alleges a broader scheme to carry out various cybercrimes, including the attempted theft of $1.2 billion from banks across the globe, wide distribution of malicious cryptocurrency apps and spear-phishing campaigns to penetrate computer systems of U.S. defense contractors, the Pentagon and the U.S. State Department.
“As laid out in today’s indictment, North Korea’s operatives, using keyboards rather than guns, stealing digital wallets of cryptocurrency instead of sacks of cash, have become the world’s leading bank robbers,” said Assistant Atty. Gen. John Demers of the Justice Department’s National Security Division.
“Simply put, the regime has become a criminal syndicate with a flag, which harnesses its state resources to steal hundreds of millions of dollars,” he added, referring to Jong Un’s repressive government.
While the hackers broke in to computer networks around the globe, it was unclear how successful the trio had been at obtaining money for the North Korean regime and themselves, Justice officials said.
But the indictment lists successful wire transfers of $110 million to bank accounts in South Korea; $104 million to accounts in Cambodia, Thailand and Taiwan; $81 million to accounts in the Philippines; and $60 million to accounts in the U.S., Sri Lanka and Cambodia — among others.
Prosecutors also announced that Ghaleb Alaumary, 37, of Ontario, Canada, had pleaded guilty to conspiracy, admitting that he laundered money for the alleged North Korean hackers, in part with accounts at banks in Woodland Hills and Inglewood.
“The scope of the criminal conduct by the North Korean hackers was extensive and long-running, and the range of crimes they have committed is staggering,” said Tracy L. Wilkison, the acting U.S. attorney in Los Angeles. “The conduct detailed in the indictment are the acts of a criminal nation-state that has stopped at nothing to extract revenge and obtain money to prop up its regime.”
North Korea has emerged in the last decade as among the most sophisticated and threatening hacking forces in the world, according to cybersecurity experts and the U.S. government.
While Russian and Chinese hackers focus much of their illicit cyber activities on espionage or interfering in the U.S. political system, North Korea has been aggressive in the criminal realm. Under pressure from withering U.S. and international sanctions, its hackers have turned to cybercrime — ransomware attacks, bank heists, digital currency hacks and even ATM withdrawal schemes — to generate cash for Kim Jong Un’s regime and its nuclear weapons program.
Last year, the U.S. government became so concerned about North Korea’s wide-ranging activity that it issued a dire advisory to cybersecurity professionals and the public about the hazards posed by the country’s hackers. The malicious conduct posed “a significant threat to the integrity and stability of the international financial system,” it said.
Plots outlined in the indictment Wednesday include the deployment of bogus apps for trading bitcoin and other cryptocurrencies. The apps gave the North Koreans a backdoor into the users’ computers, enabling them to steal tens of millions of dollars, prosecutors said.
“What we see almost uniquely out of North Korea is it trying to raise funds through illegal cyber activity,” Demers said. “Their need as a country is for currency because of their economic system and the sanctions placed on them. … That’s not something we see from actors in China or Russia or in Iran.”
Hackers in those countries tend to be more focused on stealing intellectual property, gathering intelligence or disrupting U.S. elections, Demers said.
The indictment says the accused North Korean hackers spent time in Russia and China. Demers said he could not go into detail on why they went there, but suggested their travels highlighted the global nature of the cyber threat. “Russia and China are not only engaging in malign cyber activities but they are also providing a safe harbor for cybercriminals, or as in this case, nation-state actors,” he said.
Jon, Kim and Park, who live in North Korea and face little risk of arrest by U.S. authorities, were each charged with conspiracy to commit computer fraud and abuse and conspiracy to commit wire and bank fraud. If apprehended and convicted, they could each face up to 35 years in prison.