US Charges N. Korean Man in Sony Hack, Other Attacks
U.S. prosecutors on Thursday announced criminal charges against a North Korean hacker they said was involved in a string of brazen cyberattacks in recent years, including the 2014 invasion of Sony Pictures and a 2016 heist at the central bank of Bangladesh.
Prosecutors identified the hacker as Park Jin Hyok, a computer programmer and member of a North Korean regime-sponsored hacking team known as the Lazarus Group. The group is accused of engaging in a multiyear conspiracy to conduct “multiple destructive cyberattacks” on banks and other institutions around the world.
The charges against Park were filed in federal court in Los Angeles, where Sony Pictures is headquartered, on June 8, four days before U.S. President Donald Trump met with North Korean leader Kim Jong Un during a historic summit in Singapore. The allegations come as the Trump administration is seeking to break a stalemate in denuclearization talks with the North Korean government.
Park, who faces charges of conspiracy to commit wire fraud and conspiracy to commit computer-related fraud, remains at large. The FBI released a wanted poster that seeks information about him.
The Treasury Department announced sanctions against Park and Chosun Expo Joint Venture, a North Korean government front company that employed him.
“Today’s announcement demonstrates the FBI’s unceasing commitment to unmasking and stopping the malicious actors and countries behind the world’s cyberattacks,” FBI Director Christopher Wray said. “We stand with our partners to name the North Korean government as the force behind this destructive global cybercampaign.”
Accused of numerous attacks
The hacking group is accused of carrying out numerous other attacks on financial institutions, entertainment companies, defense contractors, virtual currency industries, academia and electric facilities in the United States, as well as on entities in Europe, Asia, Africa, North America and South America.
Assistant Attorney General John Demers called the scale of the cyberattacks “staggering.”
The attack on Sony Pictures crippled the company’s networks and was widely believed to have been carried out in retaliation for the release of The Interview, an action comedy film that depicted a fictional assassination plot against Kim.
The complaint alleges that the North Korean hackers stole movies and other confidential information during the invasion and rendered thousands of the company’s computers inoperable. The administration of former President Barack Obama sanctioned three North Korean organizations and 10 individuals for the attack.
In the 2016 attack on Bangladesh Bank, the country’s central bank, Lazarus Group hackers attempted to transfer out as much as $1 billion but ended up with $81 million. The heist is seen as the largest cybertheft from a financial institution.
The group was also behind the 2017 global ransomware attack known as WannaCry 2.0. The complaint alleges that the Lazarus Group hackers wrote the malware used in the attack, which infected computer networks in more than 150 countries.
The criminal complaint alleges that Park worked as a computer programmer for Chosun Expo for over a decade.
The company is affiliated with Lab 110, a component of the North Korean military intelligence service, according to the complaint. In addition to performing legitimate programming work for paying clients, the Lazarus Group is accused of engaging in malicious cyberattacks.
Officials said the investigation into the group was ongoing.
Growing cyberthreats to US
In recent years, U.S. officials have singled out North Korea among the countries that pose growing cyberthreats to the U.S. In its annual Worldwide Threat Assessment report, released in February, the Office of the Director of National Intelligence said Russia, China, Iran and North Korea “will pose the greatest cyberthreats to the United States during the next year.”
Lazarus is one of several North Korean hacking groups. Another is known as Reaper, a group that started off focusing on South Korea but has expanded to targets throughout East and South Asia over the past year, said Benjamin Reed, senior manager for cyber espionage analysis at cybersecurity firm FireEye.
“So there is definitely more than one hacking group out of North Korea,” Reed said.
He said North Korean hackers engage in two types of activities: traditional espionage aimed at its neighbors, Asian countries and the United States, and financially motivated cyberattacks carried out in countries with vulnerable computer networks.
Reed said that Lazarus was active as recently as a few months ago and that it remained to be seen how it would react to the publicity surrounding the criminal charges announced Thursday.
The group had been previously tied to the Sony, Bangladesh Bank and WannaCry attacks, and the FBI and the Department of Homeland Security issued an alert about it in June. But the scrutiny hasn’t fazed the group, Reed said.
Jeanette Manfra, the homeland security department’s top cybersecurity official, said the charges against Park could have a deterrent effect.
“It’s important to hold people accountable for their actions and use the tools that the government has available,” Manfra said. “It changes a country’s calculus.”