The US Department of Justice indicted two North Korean citizens who are believed to be members of the Lazarus group (aka Hidden Cobra, Dark Seoul and APT28), which is called one of the top bank robbers in the world.
The new indictment also expanded on charges leveled in 2018 against Park Jin Hyok (aka Jin Hyok Park and Pak Jin Hek), a North Korean hacker who was allegedly responsible for the massive 2017 WannaCry ransomware attacks, an attack on the central bank of Bangladesh in 2016, the Sony Pictures hack in 2014, and so on.
New charges were brought against 31-year-old Jon Chang Hyok (전 창혁) and 27-year-old Kim Il (김일).
Officials say all three hackers work for North Korea’s General Intelligence Agency and have been involved in the following hacker operations since 2014:
- Hacking Sony Pictures Entertainment in 2014 (revenge for the studio’s release of the movie The Interview).
- Bank robberies in Vietnam, Bangladesh, Taiwan, Mexico, Malta and Africa from 2015 to 2019. Hackers attacked the SWIFT transfer system, trying to steal more than $1.2 billion.
- ATM cash withdrawal attacks using FASTCash malware. One of the successful attacks occurred in October 2018, when the group stole $6.1 million from Pakistan's BankIslami.
- WannaCry ransomware epidemic in May 2017.
- Creation and distribution of malicious cryptocurrency applications that steal user funds, including Celas Trade Pro, WorldBit-Bot, iCryptoFx, Union Crypto Trader, Kupay Wallet, CoinGo Trade, Dorusio, CryptoNeuro Trader and Ants2Whale.
- Hacking of cryptocurrency companies and exchanges. Hackers attacked hundreds of such organizations and managed to steal tens of millions of dollars, including $75 million from a Slovenian cryptocurrency company in December 2017; $24.9 million from an Indonesian cryptocurrency company in September 2018; and $11.8 million from a financial services company in New York in August 2020.
- 2016-2020 spear-phishing campaigns targeting US defense contractors, energy, aerospace and technology companies, and the US Departments of State and Defense.
- Creation of a fake cryptocurrency company and issuance of the Marine Chain token. The US Department of Justice believes the scheme would allow users to acquire fractional ownership of marine vessels, and as a result, North Korea could gain access to investor funds and bypass US sanctions.
“North Korean operatives, using keyboards rather than masks and weapons, are the leading bank robbers of the 21st century,” said Assistant Attorney General John Demers.
Let me remind you that North Korean hackers attack cybersecurity experts on social networks. Also, as we reported, US authorities imposed sanctions on the North Korean hacking groups Lazarus, Bluenoroff and Andariel.