On Wednesday, the U.S. Justice Department charged three North Korean hackers with engaging in a “wide-ranging criminal conspiracy to conduct a series of destructive cyberattacks, to steal and extort more than $1.3 billion of money and cryptocurrency from financial institutions and companies, to create and deploy multiple malicious cryptocurrency applications, and to develop and fraudulently market a blockchain platform.”
The group’s best-known effort was its high-profile 2014 attack on Sony Pictures in retaliation for the movie The Interview, which mocked North Korean leader Kim Jong-un’s criminal regime. The group leaked confidential emails between company executives.
The federal indictment names the three individuals: Jon Chang Hyok, Kim Il, and Park Jin Hyok, all of whom were members of the Reconnaissance General Bureau, an intelligence arm of the DPRK’s military forces.
U.S. federal investigators also named a Mississauga man, Ghaleb Alaumary, who collaborated with the trio. Alaumary agreed to a charge of conspiracy to commit money laundering, admitting to being a high-level money launderer for multiple criminal schemes, including ATM “cash-out” operations and a cyber-enabled bank heist orchestrated by the North Korean hackers.
Alaumary is also being prosecuted for his involvement in a separate business email compromise (BEC) scheme by the U.S. Attorney’s Office for the Southern District of Georgia.
Alaumary organized teams of co-conspirators in the United States and Canada to launder millions of dollars obtained through ATM cash-out operations, including from BankIslami and a bank in India in 2018. Alaumary also conspired with Ramon Olorunwa Abbas, aka “Ray Hushpuppi,” and others to launder funds from a North Korean-perpetrated cyber-enabled heist from a Maltese bank in February 2019. Last summer, the U.S. Attorney’s Office in Los Angeles charged Abbas in a separate case alleging that he conspired to launder hundreds of millions of dollars obtained through BEC frauds and other scams.
“These North Korean military hacking units are known by multiple names in the cybersecurity community, including Lazarus Group and Advanced Persistent Threat 38 (APT38). Park was previously charged in a criminal complaint unsealed in September 2018,” reads the indictment.
Federal investigators allege that the group engaged in a multitude of criminal activities in the United States and abroad, including cyberattacks on the entertainment industry, bank heists, ATM cash-out thefts, ransomware and extortion, the creation and deployment of malicious cryptocurrency apps, targeting of crypto companies and theft of cryptocurrency.
The group also ran “spear-phishing” campaigns targeting multiple U.S. defense contractors, energy companies, aerospace companies, technology companies, the State Department, and the Department of Defense.
The hackers developed and marketed a fraudulent cryptocurrency token called Marine Chain, which invited investors to purchase ownership in marine shipping vessels supported by blockchain technology. The blockchain was designed to allow the DPRK to siphon funds and control marine shipping interests, while evading U.S. sanctions.
“As laid out in today’s indictment, North Korea’s operatives, using keyboards rather than guns, stealing digital wallets of cryptocurrency instead of sacks of cash, are the world’s leading bank robbers,” said Assistant Attorney General John C. Demers of the Justice Department’s National Security Division. “The Department will continue to confront malicious nation state cyber activity with our unique tools and work with our fellow agencies and the family of norms abiding nations to do the same.”
“This case is a particularly striking example of the growing alliance between officials within some national governments and highly sophisticated cyber-criminals,” said U.S. Secret Service Assistant Director Michael R. D’Ambrosio. “The individuals indicted today committed a truly unprecedented range of financial and cyber-crimes: from ransomware attacks and phishing campaigns, to digital bank heists and sophisticated money laundering operations. With victims strewn across the globe, this case shows yet again that the challenge of cybercrime is, and will continue to be, a struggle that can only be won through partnerships, perseverance, and a relentless focus on holding criminals accountable.”