US charges three North Korean hackers with trying to steal £1billion in cash and Bitcoin in cyber-attack spree on banks, corporations and a Hollywood film studio, as well as 2017 ‘WannaCry’ ransom sting on NHS

  • Newly unsealed indictment charges Jon Chang Hyok, Kim Il and Park Jin Hyok 
  • It also lists them as part of the NK spy agency Reconnaissance General Bureau 
  • WannaCry attack severely affected 81 UK hospital trusts and hundreds of GPs

The US Justice Department has charged three North Korean hackers with the 2017 WannaCry attack that crippled the NHS.

Prosecutors also accused them of a cyber breach targeting a Hollywood studio and the attempted theft and extortion of more than $1.3billion (£930million) in cash and Bitcoin from banks and firms.

The newly unsealed indictment charges Jon Chang Hyok, Kim Il and Park Jin Hyok with crimes including conspiracy to commit wire and bank fraud. 

It also lists them as members of the Reconnaissance General Bureau, Pyongyang’s spy agency, and says they were acting under orders from the hermit regime.


This wanted poster released by the Department of Justice shows Kim Il (left) and Park Jin Hyok (right), who prosecutors say is a member of a North Korean military intelligence agency and carried out hacks at its behest

Federal authorities said they unleashed a global ransomware campaign, which saw them target Sony Pictures in retaliation for the 2014 Hollywood movie The Interview, which depicted a fictionalised assassination of Kim Jong Un.

The breach crashed the company’s network and resulted in the leak of confidential emails from executives. 

The trio were also charged in relation to the WannaCry attack, which spread through email, and severely affected 81 UK hospital trusts and hundreds of GP surgeries, locking staff out of their computers.

Nearly 20,000 hospital appointments were cancelled as a result of the May 2017 hacking, which demanded money from employees.

Doctors and nurses had to revert to using pen and paper, and technology like MRI machines couldn’t be used.

Ransomware is malicious software that infects computers, locks users out of files and demands money in order to unlock them.

Jon Chang Hyok, who prosecutors say is one of the hackers behind a sweeping ransomware campaign

Park was previously charged in 2018 in a criminal complaint linking him to the hacking team responsible for the hack of Sony Pictures and the WannaCry global ransomware attack, among other acts.  

Alarmingly to US officials, all three defendants worked at times from locations in Russia and China.

Law enforcement say the prosecution highlights the profit-driven motive behind North Korea’s criminal hacking, in contrast to other adversarial nations like Russia, China and Iran, which are generally more interested in espionage, intellectual property theft or even disrupting democracy.

As the US announced its case against the North Koreans, the government was still grappling with hacks by Russia of federal agencies and private corporations that officials say were aimed at information-gathering.

Assistant Attorney General John Demers, the Justice Department’s top national security official, said: ‘What we see emerging uniquely out of North Korea is trying to raise funds through illegal cyber activities.’ 

He added: ‘They use their cyber capabilities to try to get currency wherever they can do that, and that’s not something that we really see from actors in China or Russia or in Iran.’

None of the three defendants is in American custody, and though officials don’t expect them to travel to the US anytime soon for prosecution, Justice Department officials in recent years have found value in indicting foreign government hackers – even in absentia – as a message that they are not anonymous and can be identified and implicated in crimes.

The indictment says the hackers engaged not just in cybertheft but also in ‘revenge-motivated computer attacks’, at times executing commands ‘to destroy computer systems, deploy ransomware’ or otherwise render victims’ computers inoperable.

‘The scope of these crimes by the North Korean hackers is staggering,’ said Tracy Wilkison, the acting US Attorney in the Central District of California, where Sony Pictures is located and where the indictment was filed. 

‘They are the crimes of a nation-state that has stopped at nothing to extract revenge and to obtain money to prop up its regime.’

Wilkison would not say how much money the hackers actually received. But the indictment does charge them in connection with a theft from Bangladesh’s central bank in 2016 involving wire transfers ‘totaling approximately $81million to bank accounts in the Philippines and $20million to a bank account in Sri Lanka,’ and with multiple other multi-million-dollar ATM cashouts and cyber extortion schemes.

All told, the conspirators ‘attempted to steal or extort more than $1.3 billion,’ according to the indictment.

To empty the cryptocurrency accounts of victims, the cyberthieves seeded malware posing as cryptocurrency-trading software on legitimate-seeming websites to trick victims, according to an alert published by the FBI and other US agencies. 

Once infected, a victim’s computer could be entered and controlled by remote access. Later, hackers used other techniques including phishing and social engineering to infect victims’ computers.

At the same time, prosecutors unsealed a plea deal with a dual US-Canadian citizen who investigators say organized the sophisticated laundering of millions of dollars in stolen funds. 

Ghaleb Alaumary, 37, of Ontario, Canada, agreed to plead guilty in Los Angeles to organizing teams of co-conspirators in the US and Canada to launder funds obtained through various schemes.
