Prosecutors today unsealed an indictment against Park Jin Hyok, Jon Chang Hyok, and Kim Il, all alleged to be part of the broadly defined North Korean hacker group known as Lazarus, Hidden Cobra, or APT38. The charges describe more than six years of North Korea's chaotic hacking across the globe. On top of a slew of intrusions into banks and cryptocurrency firms, the indictment alleges that the three men were involved in the deployment of the WannaCry ransomware worm , estimated to have caused at least $4 billion in global damages. The indictment also ties the three men to cyberattacks on Sony Pictures , UK TV production firm Mammoth Pictures, and AMC Theaters, all aimed at stopping the release of media that would embarrass or offend the Kim regime.
Perhaps most remarkably, the indictment details how the men created not only a collection of fake, malicious cryptocurrency applications designed to steal victims' funds, but also planned to create their own crypto-token called Marine Chain. The scheme would let users purchase stakes in seafaring cargo ships, but was in fact aimed at raising money for the North Korean government while evading international sanctions. “The scope of the criminal conduct by the North Korean hackers was extensive and long-running, and the range of crimes they have committed is staggering,” acting US attorney Tracy L. Wilkison for the Central District of California said in a press conference announcing the charges. “The conduct detailed in the indictment are the acts of a criminal nation-state that has stopped at nothing to extract revenge and obtain money to prop up its regime.”
How North Korean Hackers Rob Banks Around the WorldThey scored $80 million by tricking a network into routing funds to Sri Lanka and the Philippines and then using a "money mule" to pick up the cash.While the indictment doesn't state a total amount of funds successfully obtained by the hackers, prosecutors say they attempted to steal a total of more than $1.3 billion. In terms of actual criminal gains, the indictment points to $121 million in total cryptocurrency thefts, as well as a long-running series of bank break-ins in which the hackers manipulated SWIFT transactions and carried out ATM cashouts to steal many millions more, including $110 million from Mexican financial firm Bancomext and $101 million from the Bangladesh Central Bank. The WannaCry ransomware they’re charged with creating also produced hundreds of thousands of dollars more in ransom payments —while also indiscriminately paralyzing hundreds of thousands of computers around the world across hospitals, government agencies, and companies in one of the most damaging cyberattacks in history.
Dong would research victims and how they might be exploited; Li did the dirty work of compromising the networks and exfiltrating the data.Not to mention a hit list that included multiple videogame and pharmaceutical companies, an educational software firm, Covid-19 research, and hundreds of other victims worldwide.