WASHINGTON — The Justice Department on Wednesday unsealed charges against three North Korean intelligence officials accused of hacking scores of companies and financial institutions to thwart U.S. sanctions, illegally fund the North Korean government and control American corporations deemed enemies of the state, including Sony Pictures Entertainment.
The charges are the government’s latest effort to show that North Korea has engaged in a brazen, yearslong effort to undermine and attack institutions around the world and steal millions of dollars even as the United States and its allies intensify efforts to rein in the country and its nuclear ambitions.
One of the officials, Park Jin-hyok, a member of North Korea’s military intelligence agency, was accused by the Justice Department in 2018 of participating in the Sony hacking that crippled the company, as well as the WannaCry cyberattack on Britain’s National Health Service, and an attack on the Bangladeshi central bank and financial institutions around the world.
Building on that investigation, the Justice Department indicted Mr. Park and two more North Korean spies, Jon Chang-hyok and Kim Il, on charges related to those attacks, as well as new accusations that they tried to steal more than $1.3 billion in money and digital currencies from financial institutions and companies.
“Simply put, the regime has become a criminal syndicate with a flag, which harnesses its state resources to steal hundreds of millions of dollars,” John C. Demers, the head of the Justice Department’s National Security Division, said in a statement.
Prosecutors declined to say how much money the hackers actually obtained.
Separately, federal prosecutors charged Ghaleb Alaumary, 37, a dual citizen of the United States and Canada, with organizing a network of people in those countries to launder millions of dollars that the North Korean government obtained from the hackers. Mr. Alaumary pleaded guilty to the charge.
Wednesday’s broad indictment supports the findings of a report released this month by Recorded Future, a cybersecurity research group, that concluded that North Korea has greatly expanded its ability to use the internet to financially prop up its government even though the United States and its allies have choked off oil supplies and imposed strict sanctions on the country.
The report also found that North Korea has vastly improved its ability to steal cryptocurrencies like Bitcoin.
The charges illustrate just how adept Pyongyang has become at exploiting the world of such cryptocurrencies, as the value of Bitcoin has surpassed $50,000 and large corporations and financial institutions have begun to embrace digital currencies.
The Justice Department accused the intelligence officers of luring investors into a fake digital coin investment scheme, stealing cryptocurrencies from financial institutions and creating malware to target cryptocurrency apps and take control of victim computers.
Mr. Jon and Mr. Kim were accused of working with Mr. Park to operate illegal hacking schemes from North Korea, China and Russia beginning as early as 2014, when they attacked Sony in retaliation for the company’s decision to make and release a movie, “The Interview,” that depicted a plot to assassinate Kim Jong-un, the leader of North Korea.
The disastrous attack wiped out 70 percent of the company’s computer capabilities, crippled operations and contributed to the resignation of the studio’s chairwoman, Amy Pascal.
After the Sony attack, prosecutors said, the three men used malware-laden phishing emails to gain access to Bangladesh Bank computers, which are connected to the global banking communication system, and ultimately direct the Federal Reserve Bank of New York to transfer money from Bangladesh Bank to accounts controlled by the hackers. They were able to steal only $81 million because an official at the reserve bank noticed that the word “foundation” was misspelled, scrutinized the transaction and halted the transfer of an additional $900 million, according to government documents in the case against Mr. Park.
The three men also used the crippling WannaCry malware to infiltrate and paralyze the British health care system’s computer network, according to court papers, and they tried to break into the computer networks of U.S. defense contractors.
Those schemes were largely known, as they made up the bulk of the charges against Mr. Park, which were unveiled three years ago.
But federal prosecutors also revealed new accusations that the hackers cashed out money from A.T.M.s, resulting in $6.1 million stolen from BankIslami Pakistan alone; that they used the WannaCry ransomware to extort money from victims after it was used against the British health system; and that they tried to break into energy, aerospace and technology companies and the State and Defense Departments, as recently as last year.
The hackers were accused of trying to steal more than $1.2 billion from banks around the world, most recently in 2019 when, prosecutors said, they infiltrated the computer systems of a bank in Malta and sent commands to transfer funds.
But some of their most notable schemes were cryptocurrency-related.
The three men allegedly created at least nine pieces of malware disguised as software used for trading or storing cryptocurrencies, giving them access to the computers of their victims. Last summer, they used one of these pieces of malware to steal about $11.8 million worth of cryptocurrency from an unspecified New York financial institution, which they also tried to extort.
They also created an initial coin offering — essentially an initial public offering to raise money for a new digital coin — for a digital token called Marine Chain Token that purportedly allowed investors to buy interest in shipping vessels. They were accused of using fake identities to pitch the potential investors in Singapore and planned to get approval to publicly trade it in Hong Kong, never disclosing that the money raised from investors would actually be used to evade U.S. sanctions against North Korea, according to the indictment.
And they were charged with stealing tens of millions of dollars’ worth of cryptocurrency, including more than $111 million from companies in Slovenia, Indonesia and New York.
Mr. Demers said during a news conference that there was little chance that any of the men, who live in North Korea, would be arrested. But the Justice Department publicly revealed their identities and the accusations against them, he said, to show the public the seriousness of the threats from countries like North Korea. The department also wanted to demonstrate that it is able to identify the criminals behind cyberattacks and to warn those hackers and the countries that support them, he said.
“If the choice here is between remaining silent while we at the department watch nations engage in malicious, norms-violating cyberactivity, or charging these cases, the choice is obvious,” Mr. Demers said in a statement. “We will charge them.”