The US Department of Justice recently unsealed indictments detailing North Korea’s involvement in several global cyberattack campaigns against institutions in the financial and entertainment sectors, and money laundering schemes in certain US states.
The first unsealed indictment is for hacking activities done by three computer programmers from North Korea. Prosecutors name Jon Chang Hyok (전창혁; aka “Alex/Quan Jiang”), Kim Il (김일; aka “Julien Kim” and “Tony Walker”), and Park Jin Hyok (박진혁; aka “Pak Jin Hek”, “Pak Kwang Jin”, and “Jin Hyok Park”) as members of the Reconnaissance General Bureau (RGB), a military intelligence arm of the Democratic People’s Republic of Korea (DPRK) that is known for conducting clandestine operations on behalf of its country.
Park was already indicted back in Septmber 2018 for his involvement in multiple destructive cybercrime attacks, which includes the creation of WannaCry that made headlines in 2017, the Bangladesh Bank cyber heist in 2016, and the attack on Sony Pictures Entertainment (SPE) in 2015.
According to the Justice Department, the RGB is known by many names in the cybersecurity industry, such as the Lazarus Group and Advanced Persistent Threat 38 (APT38). Other crimes the three North Koreans are charged with include: attempting to hack banks’ networks and sending falsified SWIFT messages; the theft of millions of US dollars worth of cryptocurrency from cryptocurrency companies; conducting ATM cash-out (aka FASTcash) and spear phishing schemes; deploying multiple malicious cryptocurrency applications; and the creation and marketing of the Marine Chain Token, an attempt to gain funds and evade US sanctions. A charge was also unsealed against Ghaleb Alaumary, a Canadian-American described by the FBI as a “prolific money launderer”.
While Jon, Kim, and Park are based in North Korea, their government has stationed them in other countries like Russia and China, the report further claims.
North Korean actors have not only heavily targeted the financial sector but also several cybersecurity professionals. Jérôme Segura, director of threat intelligence at Malwarebytes details, “In one of the most recent campaigns, Lazarus APT has targeted vulnerability researchers and exploit developers to steal new exploits as well as any additional tools they may be able to use in the future. This campaign has been conducted to broaden their capabilities in using zero days in their future attacks.”
“The scope of the criminal conduct by the North Korean hackers was extensive and long-running, and the range of crimes they have committed is staggering,” the report quotes Acting US Attorney for the Central District of California Tracy L. Wilkinson. “The conduct detailed in the indictment are the acts of a criminal nation-state that has stopped at nothing to extract revenge and obtain money to prop up its regime.”
Alaumary is already in custody while Jon, Kim, and Park remain at large.
A copy of the indictment in PDF can be downloaded here.