The United States Department of Justice has charged three North Korean computer programmers with a range of cyber attacks that made headlines around the world.

The men – 31-year-old Jon Chang Hyok, Kim Il, 27, and 36-year-old Park Jin Hyok – are alleged to have been part of North Korea’s Reconnaissance General Bureau (RGB), known commonly as the “Lazarus Group” or “APT38”, tasked with criminal hacking operations.

And – according to the DOJ – the men undertook a number of criminal cyber attacks at the behest of the North Korean regime, including:

  • The 2014 “Guardians of the Peace” hack of Sony Pictures, seemingly in retaliation for the production of “The Interview,” a comedy that depicted a CIA plot to assassinate North Korean leader Kim Jong-Un.
  • The 2017 WannaCry ransomware attack, which hit the UK’s National Health Service hard, as well as other ransomware attacks in the years since.
  • The creation and distribution of malicious cryptocurrency trading and wallet apps that provided North Korean hackers with a way to infiltrate victims’ devices.
  • The theft of millions of dollars worth of cryptocurrency from hacked exchanges and financial services companies.
  • Spearphishing attacks against targeted employees of United States energy companies, aerospace companies, technology companies, the US Department of State, and the Department of Defense.
  • Attempts to steal more than $1.2 billion from banks in Vietnam, Bangladesh, Taiwan, Mexico, Malta, and Africa by infiltrating their networks and sending fraudulent messages via the SWIFT banking system.

The DOJ claims that although the men were working for North Korea, they were sometimes stationed in other countries, including Russia and China.

In addition to unsealing the charges against the three men, the FBI, US Department of Treasury, and Department of Homeland Security have issued a security advisory regarding a family of North Korean malware known ...