U.S. Calls North Korean Hackers ‘World’s Leading Bank Robbers’

North Korea was accused of being behind the 2014 hack of an internal computer network of Sony Pictures Entertainment Inc., an audacious attack that exposed Hollywood secrets and destroyed company data.

On Wednesday, U.S. officials said that was only the beginning.

In indicting three North Korean computer programmers for their involvement in the Sony hack and other attacks on global banking, financial, entertainment and cryptocurrency entities, the U.S. Justice Department accused them and a group of conspirators of extorting more than $1.3 billion of cash and cryptocurrency.

The attacks included the attempted theft of nearly $1 billion from the central bank of Bangladesh in 2016, and a year later, holding two Central American casinos hostage for more than $2.5 million in ransom, according to U.S. officials.

More recently, the group has focused on stealing cryptocurrencies, according to prosecutors. The hackers discreetly injected malicious software into their own line of digital currency applications, granting them access to the devices of their victims, which included cryptocurrency companies in Slovenia and Indonesia and an unnamed financial services firm in New York.

In all, the victims of the cryptocurrency scam lost more than $100 million, according to the U.S.

North Korea’s hackers “have become the world’s leading bank robbers,” said John Demers, head of the Justice Department’s National Security Division. “Simply put, the regime has become a criminal syndicate with a flag, which harnesses its state resources to steal hundreds of millions of dollars.”

The Indictment

The North Korean hackers were identified as Jon Chang Hyok, Kim Il and Park Jin Hyok. Other North Koreans allegedly involved in the conspiracy weren’t named. The indictment unsealed Wednesday expands on a criminal complaint charging Park in 2018 for his alleged involvement in a conspiracy to conduct multiple cyber-attacks, including the Sony hack.

In the face of global sanctions to punish it for its nuclear weapons program, North Korea has relied heavily on cybercrime to fill its depleted coffers. It had taken in about $2 billion in 2019 through the worldwide theft of resources from the financial sector, according to testimony to a U.S. House committee in June.

The alleged hacking campaign outlined on Wednesday was part of an elaborate operation aimed at collecting money for North Korea’s Reconnaissance General Bureau, a military intelligence agency.

Pyongyang uses the Reconnaissance General Bureau to run its cybercrimes, according to a United Nations Panel of Experts responsible for investigating North Korea’s sanctions evasion. The agency’s hacking units are known as Lazarus Group and APT38.

As the North Korean hackers targeted institutions around the globe, from Los Angeles to Malta to Taiwan, the victims were either forced to or unknowingly lured into paying to prop up the North Korean regime, Demers said.

“According to several Member States, as well as open-source reports, the Democratic People’s Republic of Korea continues to target virtual asset service providers (for example, cryptocurrency exchange houses) and financial institutions for the purpose of evading United Nations sanctions,” the UN Experts’ panel said in a report last year.

Canadian Accomplice

To help move their money, the North Koreans allegedly turned to a Canadian man, Ghaleb Alaumary, who’s accused of organizing teams to launder millions of dollars stolen from automated teller machines, the U.S. said. Their victims included Pakistan’s BankIslami and an Indian bank, according to prosecutors.

Alaumary, 37, began cooperating with U.S. authorities in October 2019 and secretly signed a plea agreement last November, according to court papers unsealed Wednesday in Los Angeles. Under the plea deal, Alaumary would admit he laundered money from fraudulent ATM withdrawals, bank wire transfers orchestrated by the hackers, and to unauthorized access to business email accounts.

Although long in the works, the indictment is the first major action by the Biden administration against North Korea, which is under a wide range of punishing economic sanctions over its nuclear program. Former President Donald Trump met with North Korean leader Kim Jong Un on three occasions, but Kim’s regime never stopped building its nuclear stockpile and ballistic missile technology.

Demers called on China and Russia, two countries that have a long history of working with North Korea, “to take action” to rein in Pyongyang. He said the hackers operated out of those countries as well as North Korea. President Joe Biden’s administration has said it is reviewing all aspects of Trump’s diplomacy with Pyongyang.

North Korea’s already paltry economy last year was on a path for its biggest contraction in more than two decades due to sanctions, flooding that wiped out farmland and Kim Jong Un’s decision to shut borders due to the coronavirus, which slammed the brakes on the little legal trade it had.

©2021 Bloomberg L.P.
