Three North Koreans charged for roles in Sony Pictures, WannaCry and other hacks

The operatives sought to steal more than $1.2 billion from banks located in multiple countries, the Department of Justice claims

The US Department of Justice (DoJ) on Wednesday unsealed charges against three North Korean operatives accused of launching cyber attacks against multiple organisations, including the 2014 assault on Sony Pictures Entertainment, WannaCry in 2017 and various digital bank heists.

The Justice Department says that the three men - Park Jin Hyok, Kim Il and Jon Chang Hyok - worked for North Korea's military intelligence team, whose cyber groups are commonly known as APT38, Hidden Cobra or Lazarus Group by security researchers.

The newly unsealed indictment builds upon 2018 charges brought against Park for his role in the 2014 Sony Pictures hack, as well as other cyber campaigns carried out by Pyongyang hackers.

According to federal officers, the motive for the attack on Sony was retaliation for the 2014 comedy movie 'The Interview', which mocked North Korean dictator Kim Jong Un.

The attack against Sony led to the deletion of a massive amount of data from Sony's systems, forcing the company to go offline until it could restore its systems and network. The hack also revealed private emails among top Hollywood executives.

In its 2018 indictment, the DoJ claimed that Park was in the US ahead of the 2014 attack, but left the country just before it began.

'The subjects targeted individuals and entities associated with the production of The Interview and employees of SPE, sending them malware that the subjects used to gain unauthorised access to SPE's network,' the 2018 indictment stated.

'Once inside SPE's network, the subjects stole movies and other confidential information, and then effectively rendered thousands of computers inoperable.'

This week's indictment adds new information about multiple North Korean cybercrime campaigns in the past six years, including a series of attacks against banks and cryptocurrency firms, various ATM hacks and digital extortion schemes.

It alleges that the three defendants sought to steal more than $1.2 billion from banks located in countries including Mexico, Vietnam, and Malta. They also infected cryptocurrency firms with malware as part of efforts to steal digital currency worth millions of dollars. In one instance, they stole $75 million from a Slovenian cryptocurrency firm and $11.8 million from a financial services firm in New York.

The DoJ indictment also accuses the three operatives of participating in the deployment of the WannaCry ransomware worm in 2017, which is believed to have caused at least $4 billion in global damages.

On 12 May 2017, WannaCry encrypted hundreds of thousands of systems in a matter of hours across more than 150 countries. It was the first time that ransomware had infected so many computer systems so quickly, and in so many countries.

None of the three North Koreans have been arrested, and the prospect of any of them facing justice in a US court is remote.

The DoJ on Wednesday also unsealed a charge against Ghaleb Alaumary of Ontario, Canada, for his role as a money launderer for the North Korean conspiracy, among other criminal schemes.

Federal officials said that Alaumary agreed to plead guilty to the charge, which was filed in the US District Court in Los Angeles on 17 November 2020.