North Korea

Feds Expand Charges Against North Korean Government Hackers Accused in Sony Breach

Prosecutors say group’s cyber-attacks have netted more than $1-billion in stolen cash, same team blamed in Sony Pictures intrusion.

Mark Wheaton

A group of North Korean military hackers previously accused of orchestrating the cyber-attack on Sony Pictures has been charged by U.S. prosecutors in Los Angeles with a slew of new computer crimes.

An indictment unsealed Wednesday expands charges first brought in 2018 against three individually named hackers, alleging the trio took part in a conspiracy to steal cash and cryptocurrency from banks and individuals around the world.

A second unsealed criminal case described a money-laundering scheme that facilitated some of the financial thefts, including an allegation that a massive 2019 cyber-theft from a bank in Malta was, in part, facilitated by an individual charged in Los Angeles last summer with money laundering.

“The scope of the criminal conduct by the North Korean hackers was extensive and long-running, and the range of crimes they have committed is staggering,” Acting U.S. Attorney Tracy L. Wilkison, the head federal prosecutor in Southern California, said in a statement. 

“As laid out in today’s indictment, North Korea’s operatives, using keyboards rather than masks and guns, are the world’s leading 21st century nation-state bank robbers,” Assistant Attorney General John Demers of the Justice Department’s National Security Division said in prepared remarks.

According to federal authorities, the three hackers:

  • Orchestrated the cyber attack on Sony Pictures in 2014 to retaliate for the release of the movie “The Interview” that showed the fictional assassination of the North Korean dictator
  • Created a number of cryptocurrency attacks between 2018 and 2020 and stole more than $100-million in cryptocurrency, including an $11.8 million theft in 2020 from New York
  • Created the “WannaCry 2.0” ransomware in 2017 and attempted to extort payments from governments and businesses by remotely encrypting their data.
  • Created and executed a variety of “spear phishing” attacks against U.S. companies, including defense contractors, aerospace, energy, and technology companies, and against the U.S. Departments of Defense and State.

The three men under indictment, Jon Chang Hyok, 31, Kim Il, 27, and Park Jin Hyok, 36, are employees of a cyber intelligence unit of the North Korean military, sometimes referred to as the, “Lazarus Group,” or, “Advanced Persistent Threat 38

Contact Us