COURT DOC: Three North Korean Military Hackers Charged in Wide-Ranging Scheme to Commit Cyberattacks and Financial Crimes Across the Globe

A federal indictment unsealed today charges three North Korean computer programmers with participating in a wide-ranging criminal conspiracy to conduct a series of destructive cyberattacks, to steal and extort more than $1.3 billion of money and cryptocurrency from financial institutions and companies, to create and deploy multiple malicious cryptocurrency applications, and to develop and fraudulently market a blockchain platform.

The hacking indictment filed in the U.S. District Court in Los Angeles alleges that Jon Chang Hyok (전창혁), 31; Kim Il (김일), 27; and Park Jin Hyok (박진혁), 36, were members of units of the Reconnaissance General Bureau (RGB), a military intelligence agency of the Democratic Peoples Republic of Korea (DPRK), which engaged in criminal hacking. These North Korean military hacking units are known by multiple names in the cybersecurity community, including Lazarus Group and Advanced Persistent Threat 38 (APT38). Park was previously charged in a criminal complaint unsealed in September 2018.

The indictment alleges a broad array of criminal cyber activities undertaken by the conspiracy, in the United States and abroad, for revenge or financial gain. The schemes alleged include:

• Cyberattacks on the Entertainment Industry
• Cyber-Enabled Heists from Banks
• Cyber-Enabled ATM Cash-Out Thefts
• Creation and Deployment of Malicious Cryptocurrency Applications
• Targeting of Cryptocurrency Companies and Theft of Cryptocurrency
• Spear-Phishing Campaigns
• Marine Chain Token and Initial Coin Offering (Source: U.S. Department of Justice)