Prosecutors today unsealed an indictment against Park Jin Hyok, Jon Chang Hyok, and Kim Il, all alleged to be part of the broadly defined North Korean hacker group known as Lazarus, Hidden Cobra, or APT38. The charges describe more than six years of North Korea's chaotic hacking across the globe. On top of a slew of intrusions into banks and cryptocurrency firms, the indictment alleges that the three men were involved in the deployment of the WannaCry ransomware worm , estimated to have caused at least $4 billion in global damages. The indictment also ties the three men to cyberattacks on Sony Pictures , UK TV production firm Mammoth Pictures, and AMC Theaters, all aimed at stopping the release of media that would embarrass or offend the Kim regime.
Perhaps most remarkably, the indictment details how the men created not only a collection of fake, malicious cryptocurrency applications designed to steal victims' funds, but also planned to create their own crypto-token called Marine Chain. The scheme would let users purchase stakes in seafaring cargo ships, but was in fact aimed at raising money for the North Korean government while evading international sanctions. “The scope of the criminal conduct by the North Korean hackers was extensive and long-running, and the range of crimes they have committed is staggering,” acting US attorney Tracy L. Wilkison for the Central District of California said in a press conference announcing the charges. “The conduct detailed in the indictment are the acts of a criminal nation-state that has stopped at nothing to extract revenge and obtain money to prop up its regime.”