WASHINGTON, Feb 19 (NNN-AGENCIES) — The US Justice Department charged three North Korean military intelligence officials in a campaign of
cyberattacks to steal $1.3 billion in crypto and traditional currencies from
banks and other targets.
The first action against Pyongyang by President Joe Biden’s administration
took aim at what the department called “a global campaign of criminality”
being waged by North Korea.
The department accused the three of a wide-ranging hacking and malware
operation to obtain funds for their government while avoiding punishing UN sanctions that have cinched off its sources of income.
Over at least seven years, the officials created malicious cryptocurrency
applications that opened back doors into targets’ computers; hacked into
companies marketing and trading digital currencies like bitcoin; and
developed a blockchain platform to evade sanctions and secretly raise funds, the department said.
The case filed in federal court in Los Angeles builds on 2018 charges
against one of the three, identified as Park Jin Hyok.
He was charged with the 2014 hack of Sony pictures, the creation of the
notorious WannaCry ransomware, and the 2016 theft of $81 million from the central bank of Bangladesh.
The new charges added two defendants, Jon Chang Hyok and Kim Il.
The allegations said the three worked together in the North Korean military
intelligence’s hacking-focused Reconnaissance General Bureau, better known within the cybersecurity community as the Lazarus Group, or APT 38.
In addition to the earlier charges, the three allegedly operated out of
North Korea, Russia and China to hack computers using spearfishing
techniques, and to promote cryptocurrency applications loaded with malicious software that allowed them to empty victims’ crypto wallets.
They allegedly robbed digital currency exchanges in Slovenia and Indonesia and extorted a New York exchange of $11.8 million.
In a 2018 scheme, they robbed $6.1 million from ATM machines from
Pakistan’s BankIslami after gaining access to its computer network.
The Justice Department did not specify exactly how much it believed the
defendants have stolen altogether.
In addition, the charges said, Kim Il developed the blockchain-based
digital currency-like “Marine Chain Token” which ostensibly was an instrument for investors to buy shares of shipping vessels.
He marketed opportunities to invest in the scheme in Singapore, without
telling potential investors that it was mainly designed to hide ship
ownership identities to help North Korea avoid sanctions, the charges said.
All of the actions, the Justice Department said, were to “further the
strategic and financial interests of the (North Korean) government and its
leader, Kim Jong Un.”
“North Korea’s operatives, using keyboards rather than guns, stealing
digital wallets of cryptocurrency instead of sacks of cash, are the world’s
leading bank robbers,” said Assistant Attorney General John Demers in a
statement.
“Nation-state indictments like this are an important step in identifying
the problem, calling it out in a legally rigorous format, and building
international consensus,” Demers said.
In parallel, the department announced that Ghaleb Alaumary of Mississauga, Canada, had pleaded guilty to one charge of acting as a money launderer for the North Koreans.
Alaumary helped arrange for money to be removed from ATMs hacked by the North Korean operation.
He was also, the department said, a “prolific” money launderer for other
hackers engaged in ATM cash-out schemes, cyber-enabled bank theft, and fraud schemes based on hijacking companies’ email.
The case announced Wednesday was the first open action taken against North Korea by the Biden administration, amid ongoing tensions over Pyongyang’s development of nuclear weapons and long-range missiles that threaten the United States and allies.
State Department spokesman Ned Price said the administration is reviewing policy toward the country.
The review “will take into account the totality of the malign activity and
the threats that are emanating from North Korea,” Price said.
“Most frequently we speak of North Korea’s nuclear and ballistic missile
program, but of course, its malicious cyber activity is something we are
carefully evaluating and looking at as well,” he said. — NNN-AGENCIES
