The Department of Justice Feb. 17 unsealed a federal indictment charging three North Korean computer programmers with participating in a wide-ranging criminal conspiracy to conduct a series of destructive cyberattacks, to steal and extort more than $1.3 billion from financial institutions and companies, including Sony Pictures and AMC Theatres.
The indictment alleges a broad array of criminal cyber activities undertaken by the conspiracy, in the United States and abroad, for revenge or financial gain. The schemes included a destructive cyberattack on Sony Pictures Entertainment in November 2014 in retaliation for The Interview, a movie comedy that depicted a fictional assassination of North Korean leader Kim Jong Un.
The attack resulted in the release of confidential emails and sensitive information from the studio, executives and other employees, leading to the departure of co-chairman Amy Pascal.
The hackers also targeted AMC Theatres, which was scheduled to screen the movie in December; and a 2015 intrusion into Mammoth Screen, which was producing a fictional TV series involving a British nuclear scientist taken prisoner in DPRK.
Named in the indictment, filed Dec. 8, 2020, in the U.S. District Court in Los Angeles, Jon Chang Hyok, 31; Kim Il, 27; and Park Jin Hyok, 36 — all alleged members of units of the Reconnaissance General Bureau (RGB), a military intelligence agency of the Democratic People’s Republic of Korea (DPRK), which engaged in criminal in a single conspiracy to cause damage, steal data and money, and otherwise further the strategic and financial interests of the DPRK government and its leader, Kim Jong Un.
The North Korean military hacking units are known by multiple names in the cybersecurity community, including Lazarus Group and Advanced Persistent Threat 38, according to the DOJ. Park was previously charged in a criminal complaint unsealed in September 2018.
“As laid out in today’s indictment, North Korea’s operatives, using keyboards rather than guns, stealing digital wallets of cryptocurrency instead of sacks of cash, are the world’s leading bank robbers,” Assistant Attorney General John C. Demers of the Justice Department’s National Security Division, said in a statement. “The Department will continue to confront malicious nation state cyber activity with our unique tools and work with our fellow agencies and the family of norms abiding nations to do the same.”
The indictment expands upon the FBI’s 2018 charges for the cyberattacks conducted by the North Korea to extract revenge and obtain money to prop up its regime.
“The ongoing targeting, compromise, and cyber-enabled theft by North Korea from global victims was met with the outstanding, persistent investigative efforts of the FBI in close collaboration with U.S. and foreign partners,” said FBI Deputy Director Paul Abbate. “By arresting facilitators, seizing funds, and charging those responsible for the hacking conspiracy, the FBI continues to impose consequences and hold North Korea accountable for its/their criminal cyber activity.”