WASHINGTON – The US Justice Department charged three North Korean military intelligence officials on Wednesday (Feb 17) in a campaign of cyberattacks to steal US$1.3 billion in crypto and traditional currencies from banks and other targets.
The first action against Pyongyang by President Joe Biden’s administration took aim at what the department called “a global campaign of criminality” being waged by North Korea.
The department accused the three of a wide-ranging hacking and malware operation to obtain funds for their government while avoiding punishing UN sanctions that have cinched off its sources of income.
Over at least seven years, the officials created malicious cryptocurrency applications that opened back doors into targets’ computers; hacked into companies marketing and trading digital currencies like bitcoin; and developed a blockchain platform to evade sanctions and secretly raise funds, the department said.
The case filed in federal court in Los Angeles builds on 2018 charges against one of the three, identified as Park Jin Hyok.
He was charged with the 2014 hack of Sony pictures, the creation of the notorious WannaCry ransomware, and the 2016 theft of US$81 million from the central bank of Bangladesh.
The new charges added two defendants, Jon Chang Hyok and Kim Il.
The allegations said the three worked together in the North Korean military intelligence’s hacking-focused Reconnaissance General Bureau, better known within the cybersecurity community as the Lazarus Group, or APT 38.
In addition to the earlier charges, the three allegedly operated out of North Korea, Russia and China to hack computers using spearfishing techniques, and to promote cryptocurrency applications loaded with malicious software that allowed them to empty victims’ crypto wallets.
They allegedly robbed digital currency exchanges in Slovenia and Indonesia and extorted a New York exchange of US$11.8 million.
In a 2018 scheme, they robbed US$6.1 million from ATM machines from Pakistan’s BankIslami after gaining access to its computer network.
The Justice Department did not specify exactly how much it believed the defendants have stolen altogether.
‘Keyboards Instead of Guns’
In addition, the charges said, Kim Il developed the blockchain-based digital currency-like “Marine Chain Token” which ostensibly was an instrument for investors to buy shares of shipping vessels.
He marketed opportunities to invest in the scheme in Singapore, without telling potential investors that it was mainly designed to hide ship ownership identities to help North Korea avoid sanctions, the charges said.
All of the actions, the Justice Department said, were to “further the strategic and financial interests of the (North Korean) government and its leader, Kim Jong Un.”
“North Korea’s operatives, using keyboards rather than guns, stealing digital wallets of cryptocurrency instead of sacks of cash, are the world’s leading bank robbers,” said Assistant Attorney General John Demers in a statement.
“Nation-state indictments like this are an important step in identifying the problem, calling it out in a legally rigorous format, and building international consensus,” Demers said.
In parallel, the department announced that Ghaleb Alaumary of Mississauga, Canada, had pleaded guilty to one charge of acting as a money launderer for the North Koreans.
Alaumary helped arrange for money to be removed from ATMs hacked by the North Korean operation.
He was also, the department said, a “prolific” money launderer for other hackers engaged in ATM cash-out schemes, cyber-enabled bank theft, and fraud schemes based on hijacking companies’ email.