Published: Thu, February 18, 2021

USA indicts 3 N. Korean hackers in attempted theft of $1.3b

They also are accused of conducting "spear-phishing" campaigns targeting US defense contractors and energy, aerospace and technology companies, as well as the State Department and Pentagon, to trick employees into giving up credentials enabling the hackers' entry into their computers.

"These North Korean military hacking units are known by multiple names in the cybersecurity community, including Lazarus Group and Advanced Persistent Threat 38 (APT38)", the DOJ said.

Three North Korean hackers have been charged with stealing over $1.3 billion worth of cryptocurrencies and cash by federal authorities, according to a press release published by the U.S. Justice Department on February 17.

The indictments name Jon Chang Hyok (a.k.a. "Alex/Quan Jiang"), Kim Il (a.k.a. "Julien Kim"/"Tony Walker"), and Park Jin Hyok (a.k.a. Pak Jin Hek/Pak Kwang Jin).

The group, which earned a place on the U.S. government's sanctions list in 2019, has been linked to a wide array of criminal cyber activities, both in the US and overseas, including the destructive WannaCry ransomware outbreak of 2017, the SWIFT attacks on banks and ATM networks to steal more than $1.2 billion, spear-phishing campaigns, and cryptocurrency thefts amounting to at least $112 million.

The group is alleged to have targeted staff of AMC Theatres and broken into computers belonging to Mammoth Screen, a United Kingdom film company that was working on a drama series about North Korea.

The WannaCry 2.0 ransomware attack in 2017 struck computers in more than 150 countries, temporarily crippling the computer system of Britain's public health care service. Demers said the Justice Department seized and plans to return $2 million of that back to an unnamed New York-based financial services company.

While the hackers broke into computer networks around the globe, it was unclear how successful the trio had been at obtaining money for the North Korean regime and themselves, Justice Department officials said. But the figures are significant.


The U.S. attorney's office in Los Angeles and the Federal Bureau of Investigation also obtained warrants to seize about $1.9 million in cryptocurrency that was allegedly stolen by the hackers from a New York bank and held at two cryptocurrency exchanges - businesses that exchange digital currencies for hard currency, like U.S. dollars.

"As laid out in today's indictment, North Korea's operatives, using keyboards rather than guns, stealing digital wallets of cryptocurrency instead of sacks of cash, are the world's leading bank robbers", the department quoted Assistant Attorney General John Demers as saying.

All three men are believed to be in North Korea, which does not extradite its citizens to face U.S. charges.

The North Korean mission to the United Nations in New York did not immediately respond to requests for comment, and contact details for the trio could not immediately be found. The Chinese and Russian embassies in Washington also did not immediately reply to requests for comment.

Overall, North Korea has generated an estimated $2 billion using "widespread and increasingly sophisticated" digital intrusions at banks and cryptocurrency exchanges, according to a United Nations report in 2019 by independent experts monitoring worldwide sanctions on Pyongyang.

"According to one member state, the DPRK total theft of virtual assets, from 2019 to November 2020" was approximately $316.4 million, the report said.

A Canadian-American man, 37-year-old Ghaleb Alaumary of Mississauga, Ontario, is accused of being the group's money launderer in a separate case announced on Wednesday. Requests for comment sent to Alaumary's lawyers were not immediately returned.
