A North Korean regime backed programmer has been charged with conspiracy to conduct multiple destructive cyberattacks around the world resulting in damage to massive amounts of computer hardware, and theft of USD81 million from the Bangladesh Bank in 2016, according to a federal criminal complaint unsealed Thursday (Sept 9).
The complaint alleges that the individual identified as Park Jin Hyok was a member of a government-sponsored hacking team known to the private sector as the “Lazarus Group,” and worked for a North Korean government front company, Chosun Expo Joint Venture to support the country’s malicious cyber actions.
Announced by the Attorney General Jeff Sessions, Park is charged with one count of conspiracy to commit computer fraud and abuse, which carries a maximum sentence of five years in prison, and one count of conspiracy to commit wire fraud, which carries a maximum sentence of 20 years in prison.
The complaint alleges that the Conspiracy’s malicious activities include the creation of the malware used in the 2017 WannaCry 2.0 global ransomware attack; the 2016 theft of USD81 million from Bangladesh Bank; the 2014 attack on Sony Pictures Entertainment (SPE); and numerous other attacks or intrusions on the entertainment, financial services, defense, technology, and virtual currency industries, academia, and electric utilities.
According to the complaint, in February 2016, the Conspiracy stole USD81 million from Bangladesh Bank.
As part of the cyber-heist, the Conspiracy accessed the bank’s computer terminals that interfaced with the Society for Worldwide Interbank Financial Telecommunication (SWIFT) communication system after compromising the bank’s computer network with spear-phishing emails, then sent fraudulently authenticated SWIFT messages directing the Federal Reserve Bank of NY to transfer funds from Bangladesh to accounts in other Asian countries.
“The Conspiracy attempted to and did gain access to several other banks in various countries from 2015 through 2018 using similar methods and “watering hole attacks,” attempting the theft of at least USD1 billion through such operations,” the complaint said.
In addition to these criminal charges, Treasury Secretary Steven Mnuchin announced that the Department of the Treasury’s Office of Foreign Assets Control (OFAC) designated Park and KEJV under Executive Order 13722 based on the malicious cyber and cyber-enabled activity outlined in the criminal complaint.
This group’s actions are particularly egregious as they targeted public and private industries worldwide – stealing millions of dollars, threatening to suppress free speech, and crippling hospital systems, said the FBI Director Christopher Wray.
“The scale and scope of the cyber-crimes alleged by the Complaint is staggering and offensive to all who respect the rule of law and the cyber norms accepted by responsible nations,” said Assistant Attorney General Demers.
The Complaint alleges that the North Korean government, through a state-sponsored group, robbed a central bank and citizens of other nations, retaliated against free speech in order to chill it half a world away, and created disruptive malware that indiscriminately affected victims in more than 150 other countries, causing hundreds of millions, if not billions, of dollars’ worth of damage, Demers said.