Three North Korean computer programmers have been charged in the US with conspiring to steal and extort more than $1.3bn in money and cryptocurrency from banks and other companies through state-sponsored cyber hacks.
US officials unsealed the charges on Wednesday. They said they believed the three defendants — Park Jin Hyok, Jon Chang Hyok and Kim Il — were members of the Reconnaissance General Bureau, an agency of North Korea’s military intelligence, also known as the Lazarus group, or APT38.
Warrants have been issued for their arrest, although all three are believed to be in North Korea. Pyongyang has in the past denied the existence of Park Jin Hyok, who had been previously charged in a separate US case.
North Korean operatives “have become the world’s leading bank robbers”, John Demers, assistant attorney-general for national security at the US Department of Justice, told reporters on Wednesday.
The case involves a series of cyber attacks that took place over an 11-year span, including the 2014 hack that targeted Sony Pictures Entertainment over its intention to release The Interview, a comedy about a plot to kill North Korean leader Kim Jong Un.
While the Sony attack leaked confidential information in what appeared to be a bid to punish the company, US officials said North Korea had broadened its reach to steal money and bitcoin through targeted cyber attacks.
Countries targeted included the US and the UK, as well as others including Bangladesh, Malta, Mexico, Indonesia, Pakistan, the Philippines, Poland, South Korea, Slovenia, Taiwan and Vietnam, US officials said.
The defendants were also accused of taking part in the 2017 WannaCry ransomware assault, which infected 300,000 computers in 150 countries, with victims including Nissan, Renault and the UK’s National Health Service.
The attackers carried out ransomware attacks — freezing a victim’s data and demanding a ransom to release it — as well as “multiple malicious cryptocurrency applications” to target their victims, the US officials said.
They also launched multiple spear-phishing attacks targeting energy, aerospace and technology companies, as well as the US state department, the US defence department and other US defence contractors, the officials said.
“[North Korea’s] regime has become a criminal syndicate with a flag which harnesses its state resources to steal hundreds of millions of dollars,” Demers said. He also reserved criticism for Russia and China, where he said the accused hackers sometimes based themselves.
“The time is beyond right for Russia and China, as well as any other country whose entities or nationals play a role in [North Korean] revenue-generation efforts, to take action,” he said.
US prosecutors also on Wednesday announced charges against a dual US-Canadian national, who has pleaded guilty to helping to launder millions of dollars stolen by North Korean hackers.
Demers said the US expected to seize and ultimately return almost $2m that he said was stolen by North Korea from a New York-based financial services company.
Paul Chichester, head of operations at the UK’s National Cyber Security Centre, a branch of the intelligence and security organisation GCHQ, said in response to the charges: “Working with our allies we are committed to countering malicious activity by state and non-state actors and will defend ourselves from disruptive behaviour in cyber space.”
The US is also grappling with a months-long cyber hack that targeted the heart of government and which officials have attributed to Russia. It was discovered in December.
On Wednesday Anne Neuberger, the National Security Council’s cyber lead, said the Biden administration had determined the so-called SolarWinds hack had compromised at least nine federal agencies and about a hundred companies. But she said it would take months longer to uncover full details.